Open kbeaugrand opened 10 months ago
This document outlines the structure of our system's RBAC (Role-Based Access Control) model, detailing the roles, permissions, hierarchical scopes, and their interrelationships.
Action class with attributes like Name and Description.
Role class includes a Name and a list of Actions.
AccessControl class links a Role to a Scope (a string representing the hierarchical path).
User class includes Name and a list of AccessControls.
Group class contains Name, a list of Members, and AccessControls.
.Role: 'DeviceCommand_Execute' - This role allows executing commands on devices.
Secretariat Group: AccessControl linking the 'DeviceCommand_Execute' role with the scope "Secretariat".
Scope Assignment: Devices in different departments are assigned scopes based on their location and function. For example:
Permission Limitation:
This example illustrates how the RBAC model can be effectively used to manage permissions in a complex environment. By assigning roles and scopes wisely, the system ensures security and operational efficiency, allowing specific actions in designated areas while preventing unauthorized access to sensitive equipment or areas.
@TLeoDev please review your previous comments regarding our internal discussions about the actions and access control managements
This document outlines the structure of our system's RBAC (Role-Based Access Control) model, detailing the roles, permissions, hierarchical scopes, and their interrelationships.
Role class includes a Name and a list of Actions.
AccessControl class links a Role to a Scope (a string representing the hierarchical path).
User class includes Name and a list of AccessControls.
Group class contains Name, a list of Members, and AccessControls.
.Role: 'DeviceCommand_Execute' - This role allows executing commands on devices.
Secretariat Group: AccessControl linking the 'DeviceCommand_Execute' role with the scope "Secretariat".
Scope Assignment: Devices in different departments are assigned scopes based on their location and function. For example:
Permission Limitation:
This example illustrates how the RBAC model can be effectively used to manage permissions in a complex environment. By assigning roles and scopes wisely, the system ensures security and operational efficiency, allowing specific actions in designated areas while preventing unauthorized access to sensitive equipment or areas.
Some changes in the RBAC design (addition of the Principal concept):
Story Reference
Story: As a system administrator, I want to define roles within the RBAC model to accommodate various user responsibilities, allowing for effective access control management. #2694
Introduction
This document outlines the updated structure of our system's RBAC (Role-Based Access Control) model, detailing the roles, permissions, hierarchical scopes, their interrelationships, and the integration of a new Principal entity to unify the management of Users and Groups.
RBAC Model:
(an image of the new UML diagram with the changes goes here)
Roles
Role class includes a Name and a list of allowed Actions.
Access Control
AccessControl class links a Role to a Principal and a Scope, defining where the allowed actions of a role are applicable.
Principals
User or a Group, facilitating a central point of access control.
Principal entity holds references to AccessControls, streamlining permission assignments for both users and groups.
Users and Groups
Users and Groups are now linked via the Principal entity, which simplifies the management of access controls.
User class includes Email, GivenName, and a Principal.
Group class contains Name, Description ... and a list of Members (users who are part of the group), and its associated Principal.
Hierarchical Scopes
Examples
Scenario: Enterprise with Multiple Departments
Role and Access Control Configuration
AccessControl linking the 'DeviceCommand_Execute' role with the scope "Secretariat".
Hierarchical Scopes and Permissions
Conclusion
This example illustrates how the updated RBAC model, with the integration of the Principal entity, can be effectively used to manage permissions in a complex environment. By assigning roles and scopes wisely, the system ensures security and operational efficiency, allowing specific actions in designated areas while preventing unauthorized access to sensitive equipment or areas.
Story: #2694
Description Define the structure of the RBAC model including roles, permissions, and hierarchical scopes, establishing relationships between them. Determine the parent-child relationships between scopes within the hierarchy.
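An added sketch, not code from this issue or the project, of how the Principal-based model described above could be evaluated, using the Secretariat scenario. The `/` separator, the action name, the sample user and the rule that an empty scope grants nothing are assumptions; the class fields are trimmed to those the check needs.

```python
from dataclasses import dataclass, field
SEP = "/"  # assumption: the page only says a scope is a hierarchical path string

@dataclass(frozen=True)
class Role:
    name: str
    actions: frozenset  # names of the allowed Actions

@dataclass(frozen=True)
class AccessControl:
    role: Role
    scope: str

@dataclass
class Principal:
    access_controls: list = field(default_factory=list)

@dataclass
class User:
    email: str
    given_name: str
    principal: Principal = field(default_factory=Principal)

@dataclass
class Group:
    name: str
    members: list
    principal: Principal = field(default_factory=Principal)

def scope_covers(granted: str, target: str) -> bool:
    """True if target equals the granted scope or is a descendant of it."""
    g = [s for s in granted.split(SEP) if s]
    t = [s for s in target.split(SEP) if s]
    # Compare whole segments, so "Secretariat" never matches "SecretariatAnnex".
    # An empty granted scope grants nothing (fail closed; a design assumption).
    return bool(g) and t[:len(g)] == g

def is_allowed(user: User, groups: list, action: str, target_scope: str) -> bool:
    """Check the user's own Principal plus the Principal of each group they are in."""
    principals = [user.principal] + [g.principal for g in groups if user in g.members]
    return any(action in ac.role.actions and scope_covers(ac.scope, target_scope)
               for p in principals for ac in p.access_controls)

# Constructed sample data: action name, user and device scopes are hypothetical.
EXECUTE = "ExecuteDeviceCommand"
alice = User("alice@example.com", "Alice")
secretariat = Group("Secretariat", [alice])
secretariat.principal.access_controls.append(
    AccessControl(Role("DeviceCommand_Execute", frozenset({EXECUTE})), "Secretariat"))
```

Matching on whole path segments rather than with a string prefix test is what keeps a grant on "Secretariat" from leaking to a sibling scope whose name merely starts with the same characters.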