Smile CDR splits authorization into two consecutive steps: 1) Authorization - what action an authenticated user can take (HTTP GET/POST/etc) 2) Consent - what data the authenticated user is allowed to act on
To explore authorization this PR includes the following:
Docs to describe access control use cases and how they would be implemented in Smile CDR
Seed user script to create Smile CDR users with authorization and consent grants
Consent script that defines the access control policies listed in the docs
Motivation
We need to understand how Smile CDR controls access to data. See https://smilecdr.com/docs/security/consent_service.html for details on this.
Approach
Smile CDR splits authorization into two consecutive steps: 1) Authorization - what action an authenticated user can take (HTTP GET/POST/etc) 2) Consent - what data the authenticated user is allowed to act on
To explore authorization this PR includes the following: