...
Page Properties | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||
|
Background
At the moment the user’s permission schema is realized with four tables in the DB:
...
Option 1: | Option 2: | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Description | ||||||||||||||
Pros and cons | There’s a React guideline It is already implemented Doesn’t provide fine graned policies as ABAC | provides fine graned policies for accessing resources (see examples) it requires a new complex architecture (see architecture) | ||||||||||||
Estimated cost |
|
|
Action items
- To define a permissions’ schema pattern
- To create a Jira issue with the specifications (
)Jira Legacy server System JIRA serverId f0d90336-9135-337c-8387-a97c21b1155f key OP-868
Outcome
Different analysis led to the same conclusion: in order to improve (in the short-term) the actual permissions system in the web application (core+api+ui) with minimum changes it will be enough to develop the proposed solution (Paurav Munshi) which introduces:
a DB table for “Entitlements” (CRUD for each entity)
a DB table for “Group-Entitlements” definition (linked to the actual USERGROUP)
a DB table for “User-Usergroup” association that allows multiple roles to the same user (it will affect also how the application works in non-web environment (core+gui)Status colour Blue title NICE TO HAVE