Difference between revisions of "Access control"
From AMTech WikiDocs
| Line 1: | Line 1: | ||
| − | Access control is applied based on the info of the resource being accessed | + | Access control is applied based on the info of the resource being accessed, validating the following: |
| + | * access to the resource type (based on roles/actors) | ||
| + | * access to the resource tenant and guest tenants (based on the user's tenant) | ||
| + | * access to the resources owner (based on the user accessing the resource) | ||
== Roles == | == Roles == | ||
Roles are resources that define the access control policies for the core resources. | Roles are resources that define the access control policies for the core resources. | ||
Revision as of 10:22, 3 March 2016
Access control is applied based on the info of the resource being accessed, validating the following:
- access to the resource type (based on roles/actors)
- access to the resource tenant and guest tenants (based on the user's tenant)
- access to the resources owner (based on the user accessing the resource)
Roles
Roles are resources that define the access control policies for the core resources.
- They specify the HTTP operations allowed on a given resource type.
- They are associated to users
- They are system managed.
- There are 2 main roles : activityCreator and follower
- Users with the roles activityCreator will have access to entity types and observation types
- Users with the roles follower will have the access their actors define (link to actors here)
Actors
Actors are resources that defined access to specific entity types and notification types
- They specify the HTTP operations allowed the the type
- They are associated to users with the role follower via the subscription to a service or the invitation of new users
- Actors can include a restriction to apply the access control using the target resource user (meaning that the access control will be applied verifying access to type, tenant and user)
