This repository was archived by the owner on Feb 23, 2022. It is now read-only.
Home
ciberch edited this page Sep 13, 2011
- Org - An organization or tenant. Example: "Yahoo Inc"
- Owned Resource - A record of ownership between the org and a resource (apps or services)
- Group - A group of users within an org. Example: "Yahoo Mail Developers", "Yahoo NOC". When an org is created by a user, the user will be placed in 2 default groups: "All Employees" and "Administrators". An additional "Developers" group will also be created
- Project - A security context. An org can have many projects. Example: "Yahoo Mail Project". When an org is created it will have a default project assigning "Administrators" and "Developers" access to the resources in the org. "All Employees" won't get any rights
- ACL - The record which assigns permissions between a user or group and a resource (app or service in this case). An ACL belongs to a project
- Users
- Apps
- Services
- org
- group(s)
- user(s) via group_members
- project(s) TODO: Decide whether to rename to 'Security Context'
- ACL(s)
- entity (ex: user or group)
- route (matches any resource or set of resources, ex: "groups/1")
- permission
- read?
- update?
- create?
- delete?
- entity (ex: user or group)
- resource(s) via owned_resource TODO: Decide whether we need this
- ACL(s)
- owned_resource(s)
- name
- marked_for_transfer?
- deleted?
- owner (ex: org, project)
- resource(s) (ex: app, service)
- resource(s) via owned_resource
- group(s)
- user
- email(s)
- external_identity(ies)
- identity_provider
- standard
- app
- service
- etc
Given a context (Project X) and an entity A: can entity A perform action B on resource C?
Sub-questions:
- Is resource C accessible from Project X?
- Is entity A (or a parent group for entity A) given permissions to resource C in Project X?
- Do the permissions given for resource C grant access to action B?
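The three sub-questions above can be evaluated as one default-deny check. The following is an added example, not code from this project; the names `can`, `route_matches`, `Project` and `ACL`, the sample data, and the segment-prefix route matching are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

ALL = frozenset({"read", "update", "create", "delete"})

@dataclass(frozen=True)
class ACL:
    entity: str             # user or group the ACL applies to
    route: str              # e.g. "apps" or "apps/1"
    permissions: frozenset  # subset of ALL

@dataclass
class Project:
    name: str
    resources: set = field(default_factory=set)  # reached via owned_resource
    acls: list = field(default_factory=list)

def route_matches(route, resource):
    # Assumption: a route covers the exact resource or anything beneath it,
    # compared on whole path segments so "apps/1" does not cover "apps/10".
    return resource == route or resource.startswith(route.rstrip("/") + "/")

def can(project, groups, entity, action, resource):
    # 1. Is the resource accessible from this project? If not, deny.
    if resource not in project.resources:
        return False
    # 2. The entity itself plus every group that lists it as a member.
    principals = {entity} | {g for g, members in groups.items() if entity in members}
    # 3. Allow only if a matching ACL for one of those principals grants the action.
    return any(
        acl.entity in principals
        and route_matches(acl.route, resource)
        and action in acl.permissions
        for acl in project.acls
    )

# Constructed sample data (not from the wiki).
GROUPS = {
    "Administrators": {"alice"},
    "Developers": {"bob"},
    "All Employees": {"alice", "bob", "carol"},
}
PROJECT_X = Project(
    "Project X",
    resources={"apps/1", "apps/10", "services/1"},
    acls=[ACL("Administrators", "apps", ALL),
          ACL("Administrators", "services", ALL),
          ACL("Developers", "apps/1", frozenset({"read", "update"}))],
)
PROJECT_Y = Project("Project Y", resources={"apps/2"}, acls=[ACL("Administrators", "apps", ALL)])
```

Only direct group membership is resolved here; nested groups would need a transitive lookup in step 2.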