diff --git a/source/internal-interface-design/internal-interface-design.rst b/source/internal-interface-design/internal-interface-design.rst index a20c471..927b610 100644 --- a/source/internal-interface-design/internal-interface-design.rst +++ b/source/internal-interface-design/internal-interface-design.rst 
@@ -50,31 +50,38 @@ which is explained below. Authorization (Permissions) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Permissions are given on specific applications to users and API keys through UserGroups. A UserGroup can have multiple permissions. -There is four levels of permissions in OS2IoT: - +There are five levels of permissions in OS2IoT: - Global Admin - - Can do anything + - Can do everything for all organizations and applications + +- Application Admin + + - Is scoped to a single organization and zero or more applications + - Can access and modify applications and Sigfox devices within the user group in that organization -- Organization Admin +- Gateway Admin - Is scoped to a single organization - - Can do anything to that organization - - Can add new users + - Can access and modify gateways within that organization -- Write +- User Admin - - Is scoped to a single organization and zero or more applications - - Can write/create/delete entities within an organization on certain applications + - Is scoped to a single organization + - Can access and modify users and permissions within that organization - Read - Is scoped to a single organization and zero or more applications - Can read (view) entities within certain applications within an organization -The permissions are hieratical, meaning that you implicitly have all lesser permissions than the ones you have explicitly. -For instance, if a user is an Organization Admin for an Organization, then that user also have the Write and Read permissions. +Each of the admin permissions is part of a hierarchy with the read permission. If you have an Admin permission within an organization, with zero or more applications, you have an +implicit read permission within that scope. +For instance, if a user has Application Admin within an Organization, then that user also has Read permission within it. + +Global Admin is at the top of the hierarchy and can thus do what any of the other permissions provide access to. .. 
include:: api-key-access.rst \ No newline at end of file diff --git a/source/logical-data-model/logical-datamodel.rst b/source/logical-data-model/logical-datamodel.rst index 9be5c94..2201865 100644 --- a/source/logical-data-model/logical-datamodel.rst +++ b/source/logical-data-model/logical-datamodel.rst @@ -60,9 +60,10 @@ PermissionLevel ~~~~~~~~~~~~~~~ 1. Read -2. Write -3. OrgAdmin -4. GlobalAdministrator +2. OrganizationUserAdmin +3. OrganizationGatewayAdmin +4. OrganizationApplicationAdmin +5. GlobalAdmin ActionType ~~~~~~~~~~~~~~~ @@ -156,11 +157,10 @@ PermissionType ~~~~~~~~~~~~~~~~~ 1. GlobalAdmin -2. OrganizationAdmin -3. Write -4. Read -5. OrganizationPermission -6. OrganizationApplicationPermissions +2. OrganizationApplicationAdmin +3. OrganizationGatewayAdmin +4. OrganizationUserAdmin +5. Read SendStatus ~~~~~~~~~~~~~~~~~ diff --git a/source/logical-data-model/media/image4.png b/source/logical-data-model/media/image4.png index f598886..76cff24 100644 Binary files a/source/logical-data-model/media/image4.png and b/source/logical-data-model/media/image4.png differ diff --git a/source/software-architecture/media/image9.png b/source/software-architecture/media/image9.png index b6ca3e9..a0617e7 100644 Binary files a/source/software-architecture/media/image9.png and b/source/software-architecture/media/image9.png differ diff --git a/source/software-architecture/software-architecture.rst b/source/software-architecture/software-architecture.rst index c387962..f75b70f 100644 --- a/source/software-architecture/software-architecture.rst +++ b/source/software-architecture/software-architecture.rst 
@@ -200,24 +200,31 @@ Security perspective -------------------- This figure shows the classes which make up the permission model for OS2IoT. -A User has zero or more permission, these permissions are each one of four concrete types: +A user is part of zero or more permissions (user groups). Each permission has one or more permission types +which determine what's accessible within the organization. The concrete types are as follows: 1. GlobalAdmin + a. Each domain instance of OS2IoT has at least 1 user with this type, which is created on the first startup of the backend. + b. Users with the GlobalAdmin role can assign other users to also have the GlobalAdmin role -2. OrganizationAdmin +2. OrganizationApplicationAdmin a. This relates to a single organization + b. This relates to a list of users within that organization. Access is granted to parts of the system requiring this type -3. Write +3. OrganizationGatewayAdmin a. This relates to a single organization + b. This relates to a list of users within that organization. Access is granted to parts of the system requiring this type + +4. OrganizationUserAdmin - b. This relates to a list of applications within that organization + a. This relates to a single organization + b. This relates to a list of users within that organization. Access is granted to parts of the system requiring this type -4. Read +5. Read a. This relates to a single organization - b. This relates to a list of applications within that organization 
@@ -254,20 +261,21 @@ Authorization ^^^^^^^^^^^^^ By default, a user does not have access to data in OS2iot. A global -admin or Organization admin must manually give the user permissions to +admin or User admin must manually give the user permissions to organizations or applications. User permissions ^^^^^^^^^^^^^^^^ -================== ==================== ======================================================= -User role System name Permissions -================== ==================== ======================================================= -Global admin Globaladmin Super user, CRUD everything within the domain -Organization admin Orgadmin Manage permissions for an organization and its applications -Write access Write Create, modify and delete objects within an application -Read access Read Read all data within an application. -================== ==================== ======================================================= +=================== ============================= ======================================================================== +User role System name Permissions +=================== ============================= ======================================================================== +Global admin GlobalAdmin Super user, CRUD everything within the domain +Application admin OrganizationApplicationAdmin Access and modify applications, DeviceModels and IoT devices within an organization +Gateway admin OrganizationGatewayAdmin CRUD gateways within an organization +User admin OrganizationUserAdmin CRUD users and permissions within an organization +Read access Read Read all data within an application. +=================== ============================= ======================================================================== Web application security ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/user-interface-design/ui-design.rst b/source/user-interface-design/ui-design.rst index d144896..eeeeed3 100644 --- a/source/user-interface-design/ui-design.rst 
+++ b/source/user-interface-design/ui-design.rst @@ -184,7 +184,7 @@ In short you can navigate forth and back in, and you can access all first level Futhermore, to get transparency for the user to understand which are transverse or organizational filtered features the navigation menu is divided into three topics in which they each serve an purpose: - - **Administration level** - Is only visible for Global Administrator and Organization Administrator, and is controlling the read and write rights for the members of each application + - **Administration level** - Is only visible for Global Administrator and User Administrator, and is controls the read and write rights for the members of each application - **Organization level** - Is where you can add Applications, Sigfox Administration, and Device Models to a certain organization. - **Transverse level** - is where you can create cross-cutting Gateways, Payload Decoder, and LoRaWan Profiles so all organizations can use these features or add-ons. 
@@ -193,23 +193,26 @@ In order to get transparency on integrating the Sigfox Administration you first User Rights ~~~~~~~~~~~~~ -It requires a certain right to be able to access certain features with global-admin, organizations admin, or write/read features. +It requires a certain right to be able to access certain features with the different admin and read roles. Navigation to the system with global-admin functions is done by - 1) adding a whole section for administrative use for global-admin to control the system of user, user groups(permissions), and organizations + 1) adding a whole section for administrative use for global-admin to control the system of user, user groups (permissions), and organizations 2) adding new organizaions to the system - 3) given write rights (delete and edit) to everything inside the organization + 3) giving admin rights (delete and edit) to everything inside the organization 4) activation of another global-admin user -Navigation to the system with organization-admin functions is done by - 1) adding system control of user, user groups (permissions) to the organization pane - 2) given write rights (delete and edit) to everything inside the organization +Navigation to the system with application admin functions is done by + 1) giving admin rights (delete and edit) to applications and Sigfox devices inside the organization + +Navigation to the system with gateway admin functions is done by + 1) giving admin rights (delete and edit) to gateways inside the organization -Navigation to the system with write functions is done by - 1) given write rights (delete and edit) to everything inside the organization +Navigation to the system with user admin functions is done by + 1) adding system control of user, user groups (permissions) to the organization pane + 2) giving admin rights (delete and edit) to users and user groups Navigation to the system with read functions is done by - 1) given read rights and cannot delete or edit anything inside 
the organization + 1) giving read rights and cannot delete or edit anything inside the organization Global Search @@ -322,7 +325,7 @@ Hide components and buttons ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Action Buttons in tables and list on overview pages are hidden if the user does not have rights to use / view them. [Picture] shows a user with write access to a certain organisation and cannot delete a device profile if not granted the rights to it -[Picture] shows a organisation admin with visible buttons in the same view. +[Picture] shows an organization admin with visible buttons in the same view. User with read rights.
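
Review bot: In source/internal-interface-design/internal-interface-design.rst (hunk @@ -50,31 +50,38 @@), the implicit Read granted to Gateway Admin and User Admin has no defined application scope. Both levels are "scoped to a single organization", while Read is "scoped to a single organization and zero or more applications", so "you have an implicit read permission within that scope" does not say whether these two admins can read every application in the organization or none of them. State the resulting Read scope for each admin level. The new opening sentence, "Permissions are given on specific applications", also does not fit the two organization-only levels and should be reworded.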
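
Review bot: In source/logical-data-model/logical-datamodel.rst (hunk @@ -60,9 +60,10 @@), the numbered PermissionLevel list reads as a ranking from Read (1) to GlobalAdmin (5), which puts OrganizationUserAdmin below OrganizationGatewayAdmin below OrganizationApplicationAdmin. The interface design text in this same patch only places each admin level above Read, and GlobalAdmin above all; it defines no order among the three organization admin levels. Add a sentence saying the numbers are list positions and not a ranking, so that nobody reads the list as permitting a numeric comparison between levels.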
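
Review bot: In source/logical-data-model/logical-datamodel.rst (hunk @@ -156,11 +157,10 @@), PermissionType now carries the same five names as PermissionLevel but in the opposite order (GlobalAdmin first here, Read first there). Either list both in the same order or add a line explaining why two enumerations with identical members exist. The removal of "OrganizationPermission" and "OrganizationApplicationPermissions" also leaves the model without a documented place for the application list that Read and Application Admin are described as scoped to; say where that scope is recorded now.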
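
Review bot: In source/software-architecture/software-architecture.rst (hunk @@ -200,24 +200,31 @@), item b is the same sentence under all three organization admin types: "This relates to a list of users within that organization." For OrganizationApplicationAdmin this contradicts the interface design document in this patch, which scopes Application Admin to "a single organization and zero or more applications"; item b there should name the list of applications. The hunk also removes item b from Read ("This relates to a list of applications within that organization") while the interface design document still scopes Read to applications. Restore that line, or change the other document, so the two agree.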
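
Review bot: In source/software-architecture/software-architecture.rst (hunk @@ -254,20 +261,21 @@), the User admin row ("CRUD users and permissions within an organization") and the sentence "A global admin or User admin must manually give the user permissions" do not say whether a User admin may grant permission types they do not hold themselves, such as OrganizationApplicationAdmin or OrganizationGatewayAdmin, including to their own account. Document the intended limit, since this decides whether User admin is effectively an organization-wide admin. Separately, the Application admin row lists "applications, DeviceModels and IoT devices" while the interface design document in this patch lists "applications and Sigfox devices"; use one list in both places.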
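
Review bot: In source/user-interface-design/ui-design.rst (hunk @@ -184,7 +184,7 @@), the changed Administration level bullet introduces a grammar error, "and is controls the read and write rights"; it should read "and controls". The same bullet still refers to "read and write rights" although this patch removes the Write level everywhere else, so name the permissions that the User Administrator actually manages instead.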
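
Review bot: In source/user-interface-design/ui-design.rst (hunk @@ -193,23 +193,26 @@), the new role lists describe admin rights as "(delete and edit)" while the table in software-architecture.rst in this patch uses "CRUD" for gateway and user admins, which leaves it unclear whether create is included. Use the same wording in both documents. The read item, "giving read rights and cannot delete or edit anything", is not a grammatical list entry and could read "giving read rights only; nothing inside the organization can be deleted or edited". The context line "adding new organizaions to the system" has a typo that can be fixed while this section is being touched.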
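
Review bot: In source/user-interface-design/ui-design.rst (hunk @@ -322,7 +325,7 @@), the changed line only corrects spelling to "an organization admin", but this patch replaces the Organization Admin level with Application, Gateway and User admin. The unchanged line above it still describes "a user with write access", a level that is also removed. Update both captions to name roles that exist in the new model, and check that the referenced pictures still match.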