RBAC (Role-Based Access Control)

[muhammedabdelkader]

• Define roles (individual, family, team, organization).
• Implement middleware for RBAC checks

[muhammedabdelkader]

https://github.com/G-authy/g-authy.github.io/commit/e2c88ebb4dee282e6e53c993a4db323b9e58f5b2

[mostafaelnakeb]

COntrols on system 1- Tanent has an owner. 2- each tanent contains at least group 3- each group contains at least a user 4- there is no user without group 5- resource will have one owner 6- the permission will be handled from the permission table

the user permission will be the union of group permission and his permission

[muhammedabdelkader]

All implementation for this issue will use the branch 5-rbac-role-based-access-control

[muhammedabdelkader]

Regard to permissions, roles, secrets, tenants, users, and vaults. Below is a simple conceptual representation:

Vault:

• A vault is a secure storage system for secrets.
• Manages the access control and permissions for stored secrets.

Role:

• Represents a set of permissions.
• Roles define what actions or operations a user or a group can perform.

Permission:

• Defines the level of access or actions that can be performed. Examples: read, write, delete.

User:

• Represents an individual user.
• Associated with one or more roles.

Group:

• Represents a collection of users.
• Groups can have roles assigned to them collectively.

Tenant:

• Represents an isolated and independent space.
• Users, roles, and permissions can be scoped within a tenant.

Secret:

• Sensitive information stored in a vault.
• Access to secrets is controlled by roles, permissions, and user/group associations.

Here's a textual representation to illustrate relationships:

Vault:

• Manages Secrets
• Manages Access Control (Permissions and Roles)

Roles:

• Define Permissions
• Assigned to Users or Groups

Permissions:

• Define Access Levels (read, write, delete)
• Assigned to Roles

Users:

• Belong to Tenants
• Assigned Roles
• May belong to Groups

Groups:

• Collection of Users
• Assigned Roles

Tenants:

• Represents an Independent Space Users, Roles, Permissions scoped within a Tenant

Secrets:

• Stored in Vaults
• Access controlled by Roles, Permissions, and User/Group associations

[muhammedabdelkader]

KISS swagger https://github.com/G-authy/g-authy.github.io/blob/main/g-authy/docs/swagger.yaml