Access control

From AMTech WikiDocs
Revision as of 09:22, 3 March 2016 by Lianet (Talk | contribs)

Jump to: navigation, search

Access control is applied based on the info of the resource being accessed, validating the following:

  • access to the resource type (based on roles/actors)
  • access to the resource tenant and guest tenants (based on the user's tenant)
  • access to the resources owner (based on the user accessing the resource)

Roles

Roles are resources that define the access control policies for the core resources.

  • They specify the HTTP operations allowed on a given resource type.
  • They are associated to users
  • They are system managed.
  • There are 2 main roles : activityCreator and follower
  • Users with the roles activityCreator will have access to entity types and observation types
  • Users with the roles follower will have the access their actors define (link to actors here)

Actors

Actors are resources that defined access to specific entity types and notification types

  • They specify the HTTP operations allowed the the type
  • They are associated to users with the role follower via the subscription to a service or the invitation of new users
  • Actors can include a restriction to apply the access control using the target resource user (meaning that the access control will be applied verifying access to type, tenant and user)

Tenants

Users