[Design] Access Patterns - Authentication and Authorization

[TanmoySG]

Design the Access Pattern for Authentication (AuthN) and Authorization (AuthZ) for WDB.

• How AuthZ works ?
• How AuthN works ?
• How to use AuthZ for "global" ops - like create user, add user to access, etc. ? Use RBAC or ACL
• How to use AuthZ for granular Ops - like CRUD on database ? Use RBAC or ACL
• Difference between RBAC and ACL ?
• Use one or both ?
• Define how to use

Tasks

• [x] #22
• [x] #25

[TanmoySG]

https://www.mongodb.com/docs/manual/reference/built-in-roles/#superuser-roles

[TanmoySG]

https://www.mongodb.com/docs/manual/tutorial/manage-users-and-roles/#create-a-new-role-to-manage-current-operations

[TanmoySG]

• https://www.mongodb.com/docs/manual/tutorial/create-users/#additional-examples

• https://www.mongodb.com/docs/manual/tutorial/create-users/#create-additional-users-for-your-deployment

[TanmoySG]

• https://www.mongodb.com/docs/manual/reference/method/db.createRole/#mongodb-method-db.createRole

[TanmoySG]

Permissions

{
    "permissions" : 
}

[TanmoySG]

Authentication

• https://mattermost.com/blog/how-to-build-an-authentication-microservice-in-golang-from-scratch/
• https://www.bacancytechnology.com/blog/golang-jwt

[TanmoySG]

Notes

• Users are not limited to the Databases
• Users are Global
• Users can be created by Admin as well as at random (by anyone)
• Users created cannot be grantedRole at the same time.
• Only if the user is created by the admin (using authentication) the roles can be granted (maybe for later scope)
• Once a User is created, only the Admin (with superAdmin privileges) can grant the access to a role to the user.
• Roles can be granted only by users with grantRole privilege. If there are no users with that, only the admin can grant role with privilege grantRole to a user so that the user too can grant roles to other user.