CGI-FR / IoT-Hub-Portal

IoT Hub Portal is a solution for handling IoT Devices easily. It leverages on Azure IoT Hub / AWS IoT Core for connectivity and device management.
https://cgi-fr.github.io/IoT-Hub-Portal/stable/
MIT License

Task: RBAC - Role Definition #2697

Open kbeaugrand opened 8 months ago

kbeaugrand commented 8 months ago

Story: #2694

Description

Create a list of specific roles needed in the system (e.g., admin, user, manager, etc.). Define the permissions associated with each role based on gathered requirements and associated hierarchical scopes.

TLeoDev commented 8 months ago

Role Definition Documentation

Story Reference

Introduction

This document lists and defines the specific roles needed in our system, along with their associated permissions. These roles have been designed based on our system requirements and the hierarchical scopes within which they will operate.

List of the actions and their corresponding APIs, with descriptions:

Group Management:

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| GetAllGroups | Retrieves all groups | GET | /api/groups |
| GetGroupDetails | Retrieves details for a specific group | GET | /api/groups/{groupId} |
| CreateGroup | Creates a new group | POST | /api/groups |
| UpdateGroup | Updates an existing group | PUT | /api/groups/{groupId} |
| DeleteGroup | Deletes a group | DELETE | /api/groups/{groupId} |
| GetGroupAvatar | Gets the avatar for a group | GET | /api/groups/{groupId}/avatar |
| UpdateGroupAvatar | Updates the avatar for a group | PUT | /api/groups/{groupId}/avatar |
| DeleteGroupAvatar | Deletes the avatar for a group | DELETE | /api/groups/{groupId}/avatar |

Group Member Management :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| GetGroupMembers | Retrieves all members of a specific group | GET | /api/groups/{groupId}/members |
| AddGroupMembers | Adds members to a group | POST | /api/groups/{groupId}/members/add |
| RemoveGroupMembers | Removes members from a group | DELETE | /api/groups/{groupId}/members/remove |

Role Management :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| GetAllRoles | Retrieves all roles | GET | /api/roles |
| GetRoleDetails | Retrieves details for a specific role | GET | /api/roles/{roleId} |
| CreateRole | Creates a new role | POST | /api/roles |
| UpdateRole | Updates an existing role | PUT | /api/roles/{roleId} |
| DeleteRole | Deletes a role | DELETE | /api/roles/{roleId} |
| GetRoleAvatar | Gets the avatar for a role | GET | /api/roles/{roleId}/avatar |
| UpdateRoleAvatar | Updates the avatar for a role | POST | /api/roles/{roleId}/avatar |
| DeleteRoleAvatar | Deletes the avatar for a role | DELETE | /api/roles/{roleId}/avatar |

AccessControl Management :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| GetAccessControls | Retrieves access controls for a specific scope | GET | /api/accesscontrols/{scope} |
| AddAccessControl | Adds an access control to a scope | POST | /api/accesscontrols/{scope}/add |
| RemoveAccessControl | Removes an access control from a scope | DELETE | /api/accesscontrols/{scope}/remove |
| EditAccessControl | Edits an existing access control | PUT | /api/accesscontrols/{scope}/edit |
| GetHierarchicalScopes | Retrieves the hierarchy of scopes | GET | /api/scopes/hierarchical |
| CreateHierarchicalScope | Creates a new hierarchical scope | POST | /api/scopes/hierarchical/create |
| UpdateHierarchicalScope | Updates an existing hierarchical scope | PUT | /api/scopes/hierarchical/update |
| DeleteHierarchicalScope | Deletes a hierarchical scope | DELETE | /api/scopes/hierarchical/delete |

Admin APIs :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| ExportDevices | Exports a list of devices from the portal | POST | /api/admin/devices/_export |
| ImportDevices | Imports a list of devices to the portal | POST | /api/admin/devices/_import |
| DownloadDeviceTemplate | Downloads a template file to import devices | POST | /api/admin/devices/_template |

Metrics :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| GetPortalMetrics | Gets the portal metrics | GET | /api/dashboard/metrics |

IoT Devices :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| GetAllDeviceConfigurations | Gets all device configurations | GET | /api/device-configurations |
| CreateDeviceConfiguration | Creates a device configuration | POST | /api/device-configurations |
| GetDeviceConfiguration | Gets a specific device configuration | GET | /api/device-configurations/{configurationId} |
| UpdateDeviceConfiguration | Updates a device configuration | PUT | /api/device-configurations/{configurationId} |
| DeleteDeviceConfiguration | Delete a device configuration | DELETE | /api/device-configurations/{configurationId} |
| GeAlltDeviceConfigurationMetrics | Gets all the metrics from a device configuration | GET | /api/device-configurations/{configurationId}/metrics |
| GetAllDevices | Gets all the devices | GET | /api/devices |
| CreateDevice | Creates a device | POST | /api/devices |
| UpdateDevice | Updates a device | PUT | /api/devices |
| GetDeviceDetails | Gets a specific device | GET | /api/devices/{deviceID} |
| DeleteDevice | Deletes a device | DELETE | /api/devices/{deviceID} |
| GetDeviceCredentials | Gets the device credentials | GET | /api/devices/{deviceID}/credentials |
| GetDeviceProperties | Gets the device properties | GET | /api/devices/{deviceID}/properties |
| CreateDeviceProperties | Set the device properties | POST | /api/devices/{deviceID}/properties |
| GetAllAvailableDeviceLabels | Get all the available labels | GET | /api/devices/available-labels |

IoT EdgeDevices :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| GetAllEdgeDevices | Gets the IoT Edge device list | GET | /api/edge/devices |
| CreateEdgeDevice | Creates the IoT Edge device | POST | /api/edge/devices |
| GetEdgeDevice | Gets the specified device | GET | /api/edge/devices/{deviceId} |
| UpdateEdgeDevice | Updates the device | PUT | /api/edge/devices/{deviceId} |
| DeleteEdgeDevice | Deletes the device | DELETE | /api/edge/devices/{deviceId} |
| ExecuteEdgeModuleMethod | Executes the module method on the IoT Edge device. | POST | /api/edge/devices/{deviceId}/{moduleName}/{methodName} |
| GetEdgeDeviceCredentials | Gets the IoT Edge device enrollment credentials | GET | /api/edge/devices/{deviceId}/credentials |
| GetEdgeDeviceEnrollmentScriptUrl | Gets the IoT Edge device enrollment script URL | GET | /api/edge/devices/{deviceId}/enrollementScript/{templateName} |
| GetEdgeDeviceLogs | Execute a GetModuleLogs method on the device | POST | /api/edge/devices/{deviceId}/logs |
| GetAllAvailableEdgeDeviceLabels | Get all the available edge devices labels | GET | /api/edge/devices/available-labels |
| GetEdgeDeviceEnrollmentScript | Gets the device enrollment script | GET | /api/edge/devices/enroll |

IoT Edge Devices Models :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| GetAllEdgeModel | Gets all the edge device models | GET | /api/edge/models |
| CreateEdgeModel | Creates an edge device model | POST | /api/edge/models |
| UpdateEdgeModel | Updates an edge device model | PUT | /api/edge/models |
| GetEdgeModel | Gets an edge device model | GET | /api/edge/models/{edgeModelId} |
| DeleteEdgeModel | Deletes an edge device model | DELETE | /api/edge/models/{edgeModelId} |
| GetEdgeModelAvatar | Gets an edge device model avatar | GET | /api/edge/models/{edgeModelId}/avatar |
| UpdateEdgeModelAvatar | Update an edge device model avatar | POST | /api/edge/models/{edgeModelId}/avatar |
| DeleteEdgeModelAvatar | Deletes an edge device model avatar | DELETE | /api/edge/models/{edgeModelId}/avatar |
| GetPublicEdgeModules | Get all public edge device modules | GET | /api/edge/models/public-modules |

Ideas :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| SumitIdea | Sends an idea to the IoT Hub Portal community | POST | /api/ideas |

LoRa WAN :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| GetAllConcentrators | Gets all concentrators | GET | /api/lorawan/concentrators |
| CreateConcentrator | Creates a concentrator | POST | /api/lorawan/concentrators |
| UpdateConcentrator | Updates a concentrator | PUT | /api/lorawan/concentrators |
| GetConcentrator | Gets a concentrator | GET | /api/lorawan/concentrators/{deviceId} |
| DeleteConcentrator | Deletes a concentrator | DELETE | /api/lorawan/concentrators/{deviceId} |
| GetAllLorawanDevices | Gets all the LoRaWAN devices | GET | /api/lorawan/devices |
| CreateLorawanDevice | Creates a LoRaWAN device | POST | /api/lorawan/devices |
| UpdateLorawanDevice | Updates a LoRaWAN device | PUT | /api/lorawan/devices |
| GetLorawanDevice | Gets a LoRaWAN device | GET | /api/lorawan/devices/{deviceID} |
| DeleteLorawanDevice | Deletes a LoRaWAN device | DELETE | /api/lorawan/devices/{deviceID} |
| ExecuteLorawanDeviceCommand | Executes the command on the LoRaWAN device | POST | /api/lorawan/devices/{deviceId}/_command/{commandId} |
| GetLorwanDeviceTelemetry | Gets the LoRaWAN device telemetry | GET | /api/lorawan/devices/{deviceId}/telemetry |
| GetAvailableLorawanDeviceLabels | Gets all the available labels for LoRaWAN devices | GET | /api/lorawan/devices/available-labels |
| GetLorawanDeviceGateways | Gets the LoRaWAN device gateways | GET | /api/lorawan/devices/gateways |
| GetFrequencyPlans | Get the LoRaWAN device supported frequency plans | GET | /api/lorawan/freqencyplans |
| GetAllLorawanDeviceModels | Gets all the LoRaWAN device models | GET | /api/lorawan/models |
| CreateLorawanDeviceModel | Creates a LoRaWAN device model | POST | /api/lorawan/models |
| GetLorawanDeviceModel | Get a LoRaWAN device model | GET | /api/lorawan/models/{id} |
| UpdateLorawanDeviceModel | Updates a LoRaWAN device model | PUT | /api/lorawan/models/{id} |
| DeleteLorawanDeviceModel | Deletes a LoRaWAN device model | DELETE | /api/lorawan/models/{id} |
| GetLorawanDeviceModelAvatar | Gets a LoRaWAN device model avatar | GET | /api/lorawan/models/{id}/avatar |
| UpdateLorawanDeviceModelAvatar | Update a LoRaWAN device model avatar | POST | /api/lorawan/models/{id}/avatar |
| DeleteLorawanDeviceModelAvatar | Deletes a LoRaWAN device model avatar | DELETE | /api/lorawan/models/{id}/avatar |
| UpdateLorawanDeviceModelCommands | Updates the LoRaWAN device model's commands | POST | /api/lorawan/models/{id}/commands |
| GetLorawanDeviceModelCommands | Gets the LoRaWAN device model's commands | GET | /api/lorawan/models/{id}/commands |

Device Models

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| GetAllDeviceModels | Gets all device models | GET | /api/models |
| CreateDeviceModel | Creates a device model | POST | /api/models |
| GetDeviceModel | Get a device model | GET | /api/models/{id} |
| UpdateDeviceModel | Updates a device model | PUT | /api/models/{id} |
| DeleteDeviceModel | Deletes a device model | DELETE | /api/models/{id} |
| GetDeviceModelAvatar | Get a device model avatar | GET | /api/models/{id}/avatar |
| UpdateDeviceModelAvatar | Updates a device model avatar | POST | /api/models/{id}/avatar |
| DeleteDeviceModelAvatar | Deletes a device model avatar | DELETE | /api/models/{id}/avatar |
| GetDeviceModelProperties | Gets the device model properties | GET | /api/models/{id}/properties |
| SetDeviceModelProperties | Sets the device model properties | POST | /api/models/{id}/properties |

Portal Settings :

| Name of Action | Description | API method | API string |
| --- | --- | --- | --- |
| UpdateDeviceTagSettings | Updates the device tag settings used in the application | POST | /api/settings/device-tags |
| GetAllDeviceTagSettings | Gets the device tag settings used in the application | GET | /api/settings/device-tags |
| CreateOrUpdateDeviceTag | Creates or updates a device tag | PATCH | /api/settings/device-tags |
| DeleteDeviceTagByName | Deletes a device tag by name | DELETE | /api/settings/device-tags/{deviceTagName} |
| GetOIDCSettings | Gets the Open ID settings | GET | /api/settings/device-tags/{deviceTagName} |
| GetPortalSettings | Gets the portal settings | GET | /api/settings/portal |

Our Predefined Roles for RBAC :

SuperAdministrator

Description: Has full control over the system and can manage all aspects of the application.

DeviceManager

Description: Manages device configurations, properties, and can update device information.

EdgeDeviceManager

Description: Oversees the management and operations of IoT Edge devices.

MetricsViewer

Description: Authorized to view system metrics and performance data.

RoleManager

Description: Specializes in creating and customizing roles and their associated actions.

GroupManager

Description: Responsible for managing user groups and their members within the system.

AccessControlManagement

Description: Manages access controls and defines permissions for users and groups at different scopes.

ScopeArchitect

Description: Designs and manages the hierarchical scopes within the application.

IdeaContributor

Description: Can submit ideas for improvements or new features within the IoT Hub Portal.

TagManager

Description: Manages tags for devices, ensuring correct labeling and categorization.
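
The following is an added example, not part of the comment above and not the project's own code: a deny-by-default check that resolves a request to one of the listed actions, preferring literal routes such as /api/devices/available-labels over the overlapping /api/devices/{deviceID} template, and then checks role grants within a hierarchical scope. The role-to-action grants, the '/'-separated scope format and all function names are assumptions made for illustration.

```python
# Subset of the action table above: (HTTP method, route template) -> action name.
ROUTES = {
    ("GET", "/api/devices"): "GetAllDevices",
    ("GET", "/api/devices/{deviceID}"): "GetDeviceDetails",
    ("DELETE", "/api/devices/{deviceID}"): "DeleteDevice",
    ("GET", "/api/devices/{deviceID}/credentials"): "GetDeviceCredentials",
    ("GET", "/api/devices/available-labels"): "GetAllAvailableDeviceLabels",
    ("GET", "/api/dashboard/metrics"): "GetPortalMetrics",
}

# ASSUMPTION: these grants are illustrative; the comment names roles, not their actions.
ROLE_ACTIONS = {
    "DeviceManager": {"GetAllDevices", "GetDeviceDetails", "GetAllAvailableDeviceLabels"},
    "MetricsViewer": {"GetPortalMetrics"},
}

def resolve_action(method, path):
    """Map a request to one action; literal segments outrank {placeholders}."""
    segs = path.rstrip("/").split("/")
    best = None
    for (verb, template), action in ROUTES.items():
        tsegs = template.split("/")
        if verb != method.upper() or len(tsegs) != len(segs):
            continue
        # A placeholder matches any non-empty segment; a literal must match exactly.
        if all(t == s or (t.startswith("{") and s != "") for t, s in zip(tsegs, segs)):
            literals = sum(t == s for t, s in zip(tsegs, segs))
            if best is None or literals > best[0]:
                best = (literals, action)
    return best[1] if best else None

def scope_covers(granted, requested):
    """ASSUMPTION: scopes are '/'-separated paths; a grant covers its subtree only."""
    g = granted.rstrip("/")
    return requested == g or requested.startswith(g + "/")

def is_allowed(assignments, method, path, scope):
    """Deny by default. assignments is a list of (role, granted_scope) pairs."""
    action = resolve_action(method, path)
    if action is None:
        return False  # route not in the action table: refuse rather than pass through
    return any(action in ROLE_ACTIONS.get(role, ()) and scope_covers(granted, scope)
               for role, granted in assignments)
```

Sensitive actions such as GetDeviceCredentials stay separate from GetDeviceDetails in this model, so a role that can read a device does not implicitly read its credentials.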