RaiBnod
commented
5 years ago This feature already exist on our project, used on our testing server previously but never used on our production server since we needed to change the Authorization policy on all the edge NodeRED devices.
Working branch git tag: v0.1.2-alpha (And on yet to be test on master branch, left as todo task)
SUPER_ADMIN:can r/w all the ditto data
ADMIN: can r/w its own and child descendants' (MANAGER companies) ditto data
MANAGER: can r/w its own MANAGER company data
USER/GUEST: can read its company data (MANAGER company)
Resources what we have done: https://docs.google.com/document/d/1QLvdcekdTIeasaXY4J_vNKPvq4ghBkQe_IpK55WfAPM
Authorisation of things in Ditto and PG https://www.eclipse.org/ditto/basic-policy.html
We need to be able to restrict access of things in ditto for different clients/users
https://www.eclipse.org/ditto/basic-policy.html