Being an extension to the existing backend, stories should be able to inter-operate with it, leveraging existing access control (AC) frameworks to grant/deny access to resources.
However, being a multi-tenant system, a standalone AC system that is able to operate independently of any backend might also be desirable.
Requirements
(MVP - minimal) Implement basic (standalone) access control
(MVP - extension) Support interoperability with the existing backend's AC systems for simple grant/deny permission checks
(MVP - extension) Import users' data and permissions from main backend
(MVP - extension) Auto-pull/update users' data and permissions from main backend
(Extension) Support more granular permissions control such as accessing specific types of resources/groups of the same type of resource
(Extension) Support more user roles such as those defined in #15
(Extension) Support interoperability of users' data with other services/main backend