Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access Control Policies #445

Open
k-allagbe opened this issue Feb 4, 2025 · 1 comment
Open

Access Control Policies #445

k-allagbe opened this issue Feb 4, 2025 · 1 comment
Labels
epic This is an issue focusing on the contextualisions of a high-level problem

Comments

@k-allagbe
Copy link
Member

k-allagbe commented Feb 4, 2025
edited by Francois-Werbrouck
Loading

Context

We want our application to uses a combination of roles and permissions to manage access
control. This system would allows us to attribute specific roles to users, which
define their access to various features of the application. Additionally,
permissions are used to manage access to user-owned resources (Discretionary
access control).

Roles

Roles are used to define the overall access level of a user within the
application. The roles are stored in the roles table and include the following:

  • dev: Developers with full access to all features.
  • admin: Administrators with full access to all features except the dev
    menu.
  • team leader: Users with elevated privileges to manage teams (groups).
  • inspector: Users with limited access.

Permissions

Permissions are used to manage access to user-owned resources called containers.
A user can manage who can see and upload content into their container. The
permissions are stored in the permission table and include the following:

  • read: Permission to view content in a container.
  • write: Permission to upload/delete content to a container.
  • owner: Full control over the container, including managing permissions for
    other users.

Desired Outcome

  • Ensure the system is flexible enough to accommodate future role changes.
  • Allow user to control who can view, edit and manage their inspections data (Discretionary
    access control)
  • Introduce a RBAC to allow dev to restrict user's access to certain features

Tasks

Frontend

  • User interface to manage your resources (Groups, Container permissions,etc)
  • Allow user to select which resource they want to upload their data into (which container/folder)
  • Allow dev [and admin?] to switch between a regular user mode and their elevated privileges

Backend

  • Use the datastore provided structure to upload content into the Storage
  • Ensure a flexible and robust workflow to parse and select the user resources
  • Handle the business logic regarding the Roles and permissions of users with the provided controllers

Datastore

  • Offer Controllers for the relevant entites (User,Group, Container)
  • Ensure the permissions are working and the resources are secure

Infra

  • Ensure the dev have a User account with dev permissions
  • Ensure the data scientists have a dev account and can access user resources/data for training purposes
@k-allagbe k-allagbe added the epic This is an issue focusing on the contextualisions of a high-level problem label Feb 4, 2025
@k-allagbe k-allagbe moved this to Todo in FertiScan Feb 4, 2025
@Francois-Werbrouck
Copy link

I'd rename the Epic "Access control policies" since it isn't only a role base access control

@Francois-Werbrouck Francois-Werbrouck changed the title RBAC Access Control Policies Feb 4, 2025
@k-allagbe k-allagbe moved this from Todo to Paused in FertiScan Feb 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
epic This is an issue focusing on the contextualisions of a high-level problem
Projects
FertiScan
Status: Paused
Milestone
No milestone
Development

No branches or pull requests
2 participants
@k-allagbe @Francois-Werbrouck