project-safari / zebra

lab resource inventory and reservation system
Apache License 2.0

AAA Security #193

Open evaachim opened 10 months ago

evaachim commented 10 months ago

Includes #150 #151 #152 #157

evaachim commented 10 months ago

Look at who does what on the server, access control, adding fields to accommodate.

evaachim commented 10 months ago

Other things to consider:

  1. What rules can an authorized user have (and what can he do: view, add, … )
  2. The perspective is that of a data center
  3. Multiple types of users
  4. Restrict users

evaachim commented 10 months ago

List of proposed user types:

evaachim commented 10 months ago

APIs that can be used for this purpose by each user:

evaachim commented 10 months ago

CRUD Operations for:

CRUD for user-type resources: admins

CRUD for all network resources: admins

CRUD for users in their group: super users

CRUD for all network resources in their group: super user

CRUD for their personal resources: regular users

Only VIEW resources: limited users

evaachim commented 10 months ago

CRUD actions allowed for each user - continued -

Admins:

Create: Users and resources, labels (moderate labels)

Read: Users and resources, labels (moderate labels)

Update: users and resources, labels (moderate labels)

Delete: users and resources, labels (moderate labels)

Super Users:

Create: resources

Read: resources, users, labels

Update: resources, (groups of) users

Delete: resources

Regular Users:

Create: (personal) resources

Read: (personal) resources

Update: (personal) resources

Delete: (personal) resources

Limited Users:

Create: no

Read: (personal) resources

Update: (personal) resources - potentially

Delete: (personal) resources - potentially

chuckluv commented 10 months ago

Data Structure Ideas for User Access:

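  1. 

```go
// Keyed by resource UUID; each access level lists the users at that level.
// User is assumed to be a type defined elsewhere.
type UserAccess map[string]AccessLevels // key: Resource UUID

type AccessLevels struct {
	ReadWrite map[string]User // key: User UUID
	ReadOnly  map[string]User // key: User UUID
	NoAccess  map[string]User // key: User UUID
}
```

  2. 

```go
// Keyed by user UUID; each access level lists the resources at that level.
// Resource is assumed to be a type defined elsewhere.
type UserAccess map[string]AccessLevels // key: User UUID

type AccessLevels struct {
	ReadWrite map[string]Resource // key: Resource UUID
	ReadOnly  map[string]Resource // key: Resource UUID
	NoAccess  map[string]Resource // key: Resource UUID
}
```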

evaachim commented 10 months ago

User Labels Ideas for User Group (Resource Type) Access:

resource.group:admin

resource.group:su

resource.group:user

resource.group:limited
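
The CRUD matrix and the `resource.group` role names proposed in the comments above, written as a default-deny authorization check in Go. This is an added example, not part of the issue thread or zebra's code. The type names, `Allowed`, the scope rules, unscoped label reads for super users, and denying the limited user's "potentially" update/delete are all assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

type (
	Role   string
	Kind   string
	Action rune
	scope  int
	grant  struct{ s scope; acts string } // acts is a subset of "CRUD"
	Actor  struct{ ID, Group string; Role Role }
	Target struct{ Kind Kind; Owner, Group string }
)

const (
	anyTarget scope = iota + 1 // the zero scope means "no grant"
	sameGroup
	ownOnly
	// Role values mirror the proposed labels resource.group:{admin,su,user,limited}.
	Admin, Super, Regular, Limited    Role   = "admin", "su", "user", "limited"
	UserKind, ResourceKind, LabelKind Kind   = "user", "resource", "label"
	Create, Read, Update, Delete      Action = 'C', 'R', 'U', 'D'
)

// policy encodes the thread's matrix; anything not listed here is denied.
var policy = map[Role]map[Kind]grant{
	Admin:   {UserKind: {anyTarget, "CRUD"}, ResourceKind: {anyTarget, "CRUD"}, LabelKind: {anyTarget, "CRUD"}},
	Super:   {ResourceKind: {sameGroup, "CRUD"}, UserKind: {sameGroup, "RU"}, LabelKind: {anyTarget, "R"}},
	Regular: {ResourceKind: {ownOnly, "CRUD"}},
	Limited: {ResourceKind: {ownOnly, "R"}}, // "potentially" update/delete: denied (assumption)
}

// Allowed fails closed: unknown roles, kinds or actions hit the zero grant,
// and empty IDs or groups never satisfy an ownership or group match.
func Allowed(a Actor, act Action, t Target) bool {
	g := policy[a.Role][t.Kind]
	if !strings.ContainsRune(g.acts, rune(act)) {
		return false
	}
	return g.s == anyTarget ||
		(g.s == sameGroup && a.Group != "" && a.Group == t.Group) ||
		(g.s == ownOnly && a.ID != "" && a.ID == t.Owner)
}

func main() {
	su := Actor{ID: "u-su", Group: "lab-a", Role: Super}                         // constructed sample actor
	fmt.Println(Allowed(su, Delete, Target{Kind: ResourceKind, Group: "lab-b"})) // false: other group
}
```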