[portal] Custom user Roles #555

Closed
NicolasGeraud opened this Issue Apr 24, 2017 · 0 comments

NicolasGeraud commented Apr 24, 2017

Administrators need the ability to create custom user roles.

Vocabulary

  • role: a group of permissions
  • permission: an authorization to do something

Do not use profile/authorization to avoid confusion. Only role and permissions.
Each resource (from the management api point of view) will be defined with 4 permissions (if it's relevant):

  • **C**reate
  • **R**ead
  • **U**pdate
  • **D**elete

For example, we will have:

  • TENANT_CREATE
  • TENANT_READ
  • TENANT_UPDATE
  • TENANT_DELETE

So we can create a role TENANT_READER, with the permission TENANT_READ.

Each role will be scoped:

  • API
  • APPLICATION
  • PORTAL
  • MANAGEMENT

Admin can create a custom role and select read/modify/nothing for each action.
A user could have a list of roles. If 2 roles define different permissions on the same resource, the user will have the union of all permissions:

  • RoleA: TENANT_READ
  • RoleB: TENANT_DELETE
  • User: RoleA,RoleB

=> The user will have the following permissions : TENANT_READ, TENANT_DELETE.

Permission list

                  CREATE  READ  UPDATE  DELETE
MANAGEMENT
    Instance       [ ]    [X]    [ ]     [ ]
    View           [X]    [X]    [X]     [X]
    Group          [X]    [X]    [X]     [X]
    Tag            [X]    [X]    [X]     [X]
    Tenant         [X]    [X]    [X]     [X]
    API            [X]    [ ]    [ ]     [ ]
    Platform       [ ]    [X]    [ ]     [ ]
    Role           [X]    [X]    [X]     [X]
PORTAL
    Metadata       [X]    [X]    [X]     [X]
    Page           [X]    [X]    [X]     [X]
    Application    [X]    [ ]    [ ]     [ ]
API
    Definition     [ ]    [X]    [X]     [X]
    Plan           [X]    [X]    [X]     [X]
    Subscription   [X]    [X]    [X]     [X]
    Member         [X]    [X]    [X]     [X]
    Metadata       [X]    [X]    [X]     [X]
    Analytic       [ ]    [X]    [ ]     [ ]
    Event          [ ]    [X]    [ ]     [ ]
    Health         [ ]    [X]    [ ]     [ ]
    Log            [ ]    [X]    [ ]     [ ]
    Page           [X]    [X]    [X]     [X]
APPLICATION
    Definition     [ ]    [X]    [X]     [X]
    Member         [X]    [X]    [X]     [X]
    Analytic       [ ]    [X]    [ ]     [ ]
    Log            [ ]    [X]    [ ]     [ ]

We also need to develop a new "Users" screen where an administrator could associate a user with roles. Users will be those previously connected.

Repository

We need a repository to store roles and a repository to store user roles.
Because a role is a collection of CRUD permissions on a resource, we could store it like Unix permissions:

C : 0/1
R : 0/1
U : 0/1
D : 0/1

CRUD = 1111 = 15
C = 1000 = 8
UD = 0011 = 3

We also have to store the resource; this is done via a 4-digit mask per scope:

MANAGEMENT
    Instance : 10xx
    View     : 11xx
    Group    : 12xx
    Tag      : 13xx
    Tenant   : 14xx
    API      : 15xx
    Platform : 16xx
    Role     : 17xx
PORTAL
    Metadata   : 10xx
    Page       : 11xx
    Application: 12xx

So a management role which represents read-only on Instances and CRUD on Views is represented by [1004, 1115]

 --------------------------------------
| Role                                 |
 --------------------------------------
| string id <pk>  // 1234-5678         |
| string name // PLATFORM_READER       |
| int scope // (1) MANAGEMENT          |
| int[] permissions                    |
|       // [ 1008, 1203 ]              |
 --------------------------------------

 ----------------------------------
| UserRole                         |
 ----------------------------------
| string user <pk>  // johndoe     |
| string referenceType <pk> // API |
| string referenceId <pk> // 234354|
| list<string> roles               |
|         // [ 1234-5678,          |
|         //   1235-1678,          |
|         //   5234-5178 ]         |
 ----------------------------------
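
The encoding and the union rule described in the issue, as an added Python example (not code from the issue or from the Gravitee code base). It decodes the 4-digit values, merges permissions across a user's roles and answers an authorization check. The string scope names, the role dictionary shape and the sample roles are assumptions; only the MANAGEMENT and PORTAL resource codes are given in the issue, so the other scopes are left out.

```python
from collections import defaultdict

# Bit values from the issue: C=1000b=8, R=0100b=4, U=0010b=2, D=0001b=1.
ACTIONS = {"CREATE": 8, "READ": 4, "UPDATE": 2, "DELETE": 1}

# Resource prefixes listed in the issue. Codes repeat across scopes
# (10xx is Instance in MANAGEMENT but Metadata in PORTAL), so every
# lookup is keyed on (scope, prefix), never on the prefix alone.
RESOURCES = {
    "MANAGEMENT": {10: "INSTANCE", 11: "VIEW", 12: "GROUP", 13: "TAG",
                   14: "TENANT", 15: "API", 16: "PLATFORM", 17: "ROLE"},
    "PORTAL": {10: "METADATA", 11: "PAGE", 12: "APPLICATION"},
}


def decode(scope, code):
    """Split e.g. 1115 into (resource name, CRUD bitmask); reject bad values."""
    prefix, mask = divmod(code, 100)
    if prefix not in RESOURCES.get(scope, {}):
        raise ValueError(f"unknown resource {prefix} in scope {scope}")
    if mask > 15:  # two decimal digits can hold 16..99, which are not CRUD masks
        raise ValueError(f"CRUD mask {mask} out of range in {code}")
    return RESOURCES[scope][prefix], mask


def effective_permissions(roles):
    """Union (bitwise OR) of all permissions over a user's roles."""
    merged = defaultdict(int)
    for role in roles:
        for code in role["permissions"]:
            resource, mask = decode(role["scope"], code)
            merged[(role["scope"], resource)] |= mask
    return dict(merged)


def is_allowed(roles, scope, resource, action):
    """Deny by default: the bit must be set for this exact scope and resource."""
    granted = effective_permissions(roles).get((scope, resource), 0)
    return bool(granted & ACTIONS[action])


# Constructed sample roles (names are illustrative, not from the issue).
ROLE_A = {"name": "TENANT_READER", "scope": "MANAGEMENT", "permissions": [1404]}
ROLE_B = {"name": "TENANT_DELETER", "scope": "MANAGEMENT", "permissions": [1401]}
VIEWS = {"name": "VIEW_ADMIN", "scope": "MANAGEMENT", "permissions": [1004, 1115]}
PORTAL = {"name": "METADATA_READER", "scope": "PORTAL", "permissions": [1004]}
```

Because the same prefix means different resources in different scopes, a check that ignored the scope would let a PORTAL role holding 1004 read MANAGEMENT instances; keying on the scope and resource pair prevents that.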

@NicolasGeraud NicolasGeraud added this to the 1.7.0 milestone Apr 24, 2017

@NicolasGeraud NicolasGeraud changed the title from [portal] Custom user profile to [portal] Custom user Roles May 24, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-repository that referenced this issue Jun 14, 2017

@NicolasGeraud NicolasGeraud self-assigned this Jun 14, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-repository-test that referenced this issue Jun 14, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-repository-mongodb that referenced this issue Jun 14, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-repository that referenced this issue Jun 15, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-repository-test that referenced this issue Jun 15, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-repository-mongodb that referenced this issue Jun 15, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-repository-mongodb that referenced this issue Jun 15, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jun 15, 2017

NicolasGeraud added a commit to gravitee-io-community/gravitee-repository-cassandra that referenced this issue Jul 12, 2017

NicolasGeraud added a commit to gravitee-io-community/gravitee-repository-dynamodb that referenced this issue Jul 12, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 12, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 12, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 13, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-repository-mongodb that referenced this issue Jul 13, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 13, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 13, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 13, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 14, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 14, 2017

aelamrani added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 15, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 16, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 17, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 17, 2017

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io/gravitee-repository that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io-community/gravitee-repository-cassandra that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io-community/gravitee-repository-dynamodb that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io/gravitee-repository-test that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io/gravitee-repository-mongodb that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io/gravitee-repository-redis that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io/release that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io/gravitee-gateway that referenced this issue Jul 17, 2017

brasseld added a commit to gravitee-io/gravitee-gateway that referenced this issue Jul 17, 2017
