Info |
---|
Add your comments directly to the page. Include links to any relevant research, data, or feedback. |
Page Properties | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||
Impact
Not started |
|
Background
At the moment the user’s permission schema is realized with four tables in the DB:
...
This is ok for the Swing GUI, but in a REST application the workflow is slighty different
...
Relevant data
It would be nice to use the same DB tables, by adding new ones
Options considered
Option 1: | Option 2: | |
---|---|---|
Description |
Pros and cons | There’s a React guideline It is already implemented Doesn’t provide fine graned policies as ABAC | provides fine graned policies for accessing resources (see examples) it requires a new complex architecture (see architecture) | ||
---|---|---|---|---|
Estimated cost |
|
|
|
|
Action items
- To define a permissions’ schema pattern
- To create a Jira issue with the specifications (
)Jira Legacy server System JIRA serverId f0d90336-9135-337c-8387-a97c21b1155f key OP-868
Outcome
Different analysis led to the same conclusion: in order to improve (in the short-term) the actual permissions system in the web application (core+api+ui) with minimum changes it will be enough to develop the proposed solution (Paurav Munshi) which introduces:
a DB table for “Entitlements” (CRUD for each entity)
a DB table for “Group-Entitlements” definition (linked to the actual USERGROUP)
a DB table for “User-Usergroup” association that allows multiple roles to the same user (it will affect also how the application works in non-web environment (core+gui)Status colour Blue title NICE TO HAVE