Provide a mechanism for an administrator to execute an authorization audit against a store using a current set of authorization rules.
The connection string to the store and the set of authorization rules are both specified as options in JinagaServer.create. Provide a Node command line or JavaScript function that will execute an authorization audit using the server instance.
Each fact is loaded and every signature is checked using the specified authorization rules. The audit fails if the user who signed the fact is not authorized to do so given current knowledge. This will catch changes to authorization rules since the fact was originally signed, as well as revocation of prior authorization.
If all signatures of a fact are found to be unauthorized, then indicate that that fact as a whole is unauthorized. Provide the list of unauthorized facts separate from the list of unauthorized signatures of facts that also have authorized signatures.
Provide a mechanism by which the administrator can examine the unauthorized facts and signatures. For example, format the results as JSON objects that can be pasted into an exploratory function.
Also provide a mechanism by which the administrator can back up and purge unauthorized facts and signatures. For example, format the results as SQL INSERT and DELETE scripts that can produce the backup and purge the database respectively.
Provide a mechanism for an administrator to execute an authorization audit against a store using a current set of authorization rules.
The connection string to the store and the set of authorization rules are both specified as options in
JinagaServer.create. Provide a Node command line or JavaScript function that will execute an authorization audit using the server instance.Each fact is loaded and every signature is checked using the specified authorization rules. The audit fails if the user who signed the fact is not authorized to do so given current knowledge. This will catch changes to authorization rules since the fact was originally signed, as well as revocation of prior authorization.
If all signatures of a fact are found to be unauthorized, then indicate that that fact as a whole is unauthorized. Provide the list of unauthorized facts separate from the list of unauthorized signatures of facts that also have authorized signatures.
Provide a mechanism by which the administrator can examine the unauthorized facts and signatures. For example, format the results as JSON objects that can be pasted into an exploratory function.
Also provide a mechanism by which the administrator can back up and purge unauthorized facts and signatures. For example, format the results as SQL INSERT and DELETE scripts that can produce the backup and purge the database respectively.