Page Properties

Status: IN PROGRESS
Impact: MEDIUM (core+api+ui) or HIGH (core+api+ui+gui)
Driver: Alessandro Domanico
Approver: Alessandro Domanico
Stakeholders: Antonio Verni, Niccolò Pasquetto, Riccardo Costa, Paurav Munshi, Alessandro Falezza, Andrei Dodu
Informed: Ilario Gavioli
Due date:
Outcome: Option 1: RBAC

Background

At the moment the user permission schema is implemented with four tables in the DB:

...

Option 1: RBAC

Pros and cons

  • (plus) There’s a React guideline
  • (plus) It is already implemented
  • (minus) Doesn’t provide fine-grained policies as ABAC does

Estimated cost: LARGE / LOW

Option 2: ABAC

Pros and cons

  • (plus) Provides fine-grained policies for accessing resources (see examples)
  • (minus) Requires a new, complex architecture (see architecture)

Estimated cost: MEDIUM

Action items

  •  To define a permissions’ schema pattern
  •  To create a Jira issue with the specifications (OP-868)

Outcome

Different analyses led to the same conclusion: to improve the current permissions system in the web application (core+api+ui) in the short term with minimum changes, it will be enough to develop the proposed solution (Paurav Munshi), which introduces:

  • a DB table for “Entitlements” (CRUD for each entity)

  • a DB table for the “Group-Entitlements” definition (linked to the current USERGROUP)

  • (NICE TO HAVE) a DB table for the “User-Usergroup” association that allows multiple roles for the same user (this will also affect how the application works in the non-web environment (core+gui))
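
The three tables in the outcome above can be modelled as follows. This is an added example, not the project's own schema or code: only USERGROUP is named on the page, so every other table name, column name and sample row is an assumption, and SQLite stands in for the real database. The check is deny-by-default and uses bound parameters.

```python
import sqlite3

# Hypothetical schema: only USERGROUP is named on the page; every other
# table and column name here is an assumption made for illustration.
SCHEMA = """
CREATE TABLE usergroup (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE entitlement (
    id INTEGER PRIMARY KEY,
    entity TEXT NOT NULL,
    action TEXT NOT NULL CHECK (action IN ('create','read','update','delete')),
    UNIQUE (entity, action));
CREATE TABLE group_entitlement (
    usergroup_id INTEGER NOT NULL REFERENCES usergroup(id),
    entitlement_id INTEGER NOT NULL REFERENCES entitlement(id),
    PRIMARY KEY (usergroup_id, entitlement_id));
CREATE TABLE user_usergroup (
    user_id INTEGER NOT NULL,
    usergroup_id INTEGER NOT NULL REFERENCES usergroup(id),
    PRIMARY KEY (user_id, usergroup_id));
"""

def build_sample_db():
    """In-memory DB with constructed sample data (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO usergroup VALUES (?, ?)",
                     [(1, "viewer"), (2, "editor")])
    conn.executemany("INSERT INTO entitlement VALUES (?, ?, ?)",
                     [(1, "order", "read"), (2, "order", "update"),
                      (3, "order", "delete")])
    # viewer -> read; editor -> update. No group is granted delete.
    conn.executemany("INSERT INTO group_entitlement VALUES (?, ?)",
                     [(1, 1), (2, 2)])
    # User 10 holds two groups (the "nice to have"); user 11 holds one.
    conn.executemany("INSERT INTO user_usergroup VALUES (?, ?)",
                     [(10, 1), (10, 2), (11, 1)])
    return conn

def is_allowed(conn, user_id, entity, action):
    """Deny by default: True only if some group of the user holds the entitlement."""
    row = conn.execute(
        """SELECT 1 FROM user_usergroup uu
           JOIN group_entitlement ge ON ge.usergroup_id = uu.usergroup_id
           JOIN entitlement e ON e.id = ge.entitlement_id
           WHERE uu.user_id = ? AND e.entity = ? AND e.action = ?
           LIMIT 1""",
        (user_id, entity, action)).fetchone()
    return row is not None
```

A user's effective permissions are the union of the entitlements of all groups they belong to; an unknown user, entity or action matches no row and is refused.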