Access control
Access control is applied using the information of the resource being accessed, validated against the information of the user accessing it. The verifications for access control are:
- Access to the resource type (using the user's roles/actors)
- Access to the resource tenant and guest tenants (using the user's tenant)
- Access to the resource owner (using the user accessing the resource)
These validations are performed in that order.
How it works
Multitenancy
The Amtech IoT platform is multitenant, with the goals of:
- Protecting resources that belong to a tenant
- Sharing resources among tenants based on the guesttenants/guestusers properties of the resources
Roles
Roles are resources that define the access control policies for the core resources.
- They specify the HTTP operations allowed on a given resource type.
- They are associated with users.
- They are system managed.
- There are 2 main roles: activityCreator and follower. A user can have only one of the two.
- Users with the role activityCreator have access to thing types and observation types
  - the admin tenant can remove or add members using the team and invite options respectively
  - PaaS functionality
- Users with the role follower have the access their actors define (see Actors)
  - the admin tenant can remove or add members using the team and invite options respectively
  - SaaS configuration functionality
Actors for things and observations
Actors are resources that define access to specific thing types and notification types.
- They specify the HTTP operations allowed on the type.
- They are associated with users that have the role follower, via the subscription to a service or the invitation of new users.
- Actors can include a restriction that applies the access control using the target resource's user (meaning that the access control is applied by verifying access to type, tenant and user).
Access to observation types is also defined by actors, in relation to the observation production configuration of the thing types. For a follower to have access to observations of a given type, the follower must have an actor that gives access to a thing type that produces this observation type.
Policies
A policy encompasses:
- A thing type
- The set of CRUD operations that can be executed over the selected thing type
  - Create (create a new resource of the type)
  - Read (read resources of this type)
  - Update (update resources of this type)
  - Delete (delete resources of this type)
- If the Check user flag is set, the policy enforces that the user must own the resource to CRUD it
Tenants
- All resources have associated with them the tenant that owns them (the tenant of the user that created the resource), and may also define the list of guest tenants that have read access to the resource.
- The tenant of a resource is automatically assigned when the resource is created and cannot be modified.
- The list of guest tenants of a resource can be assigned by the user.
Users
- The user id must be an email (to be redefined in future versions)
- A user can belong to multiple tenants and may have multiple actors, but can have only one role (either activityCreator or follower)
- Users are related to resources as follows, regarding access control:
  - All resources have the user that owns them (the user that created the resource), and may also define the list of guest users, who have access to the resource according to their actors.
  - The user of a resource is automatically assigned when the resource is created and cannot be modified.
  - The list of guest users of a resource can be assigned at any time.
Access control properties in resources
- Thing and observation types have 4 properties that govern access control:
  - _tenant: assigned by the DAP; the value is set to the tenant that creates the resource
  - _user: assigned by the DAP; the value is set to the user that creates the resource
  - guesttenants: can be assigned by the user that created the resource
  - guestusers: can be assigned by the user that created the resource
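The following is an added illustration, not the platform's own code, of the three ordered checks described on this page (resource type via role/actor, then tenant and guest tenants, then owner via the Check user flag) evaluated over the four access-control properties above. The data model, the rule that guest tenants get read (GET) access only, and the assumption that activityCreators pass the type check for every type are constructed here for the example.

```python
from dataclasses import dataclass, field
READ_ONLY = {"GET"}  # guest tenants get read access only (constructed mapping)

@dataclass
class Actor:
    thing_type: str
    operations: set           # HTTP methods allowed on the type
    check_user: bool = False  # "Check user" flag: caller must own or be guest of the resource
@dataclass
class User:
    id: str                   # user ids are emails
    tenants: set
    role: str                 # "activityCreator" or "follower"
    actors: list = field(default_factory=list)
@dataclass
class Resource:
    type: str
    _tenant: str              # set by the DAP at creation, immutable
    _user: str                # set by the DAP at creation, immutable
    guesttenants: set = field(default_factory=set)
    guestusers: set = field(default_factory=set)

def authorize(user, acting_tenant, method, resource):
    """Return (allowed, reason) after the three ordered checks: type, tenant, owner."""
    if acting_tenant not in user.tenants:
        return False, "user does not belong to tenant %s" % acting_tenant
    # 1. Type: activityCreators reach every type (assumed); followers need a matching actor.
    actor = None
    if user.role == "follower":
        actor = next((a for a in user.actors
                      if a.thing_type == resource.type and method in a.operations), None)
        if actor is None:
            return False, "no actor grants %s on %s" % (method, resource.type)
    elif user.role != "activityCreator":
        return False, "unknown role %s" % user.role
    # 2. Tenant: the owning tenant keeps its granted operations; guest tenants only read.
    if resource._tenant != acting_tenant:
        if not (method in READ_ONLY and acting_tenant in resource.guesttenants):
            return False, "tenant %s may not %s this resource" % (acting_tenant, method)
    # 3. Owner: enforced only when the matching actor carries the check-user flag.
    if actor is not None and actor.check_user:
        if user.id != resource._user and user.id not in resource.guestusers:
            return False, "check-user policy: caller is neither owner nor guest user"
    return True, "allowed"

# Constructed sample data (not from the platform).
THING = Resource("thermostat", "acme", "alice@example.com", {"beta"}, {"bob@example.com"})
BOB = User("bob@example.com", {"acme", "beta"}, "follower",
           [Actor("thermostat", {"GET", "PUT"}, check_user=True)])
ALICE = User("alice@example.com", {"acme"}, "activityCreator")
```

Because the checks short-circuit in order, the reason string tells you which of the three stages denied a request, which is what you want surfaced in an access log.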
Access while executing observers in the reasoner's engine
Regarding security, there are two possibilities when you configure the execution of an observer in a reasoner:
- Use the security of the observation to restrict the things returned by the observer.
  - In this case the tenant of the observation is used to restrict the set of things returned by the observer. This restriction is applied on the resource's tenant, meaning that only the things owned by that tenant are returned; things shared with it are not included.
- Use the security of the service to restrict the things returned by the observer.
  - In this case the tenants subscribed to the service are used to restrict the set of things returned by the observer.