User's permission schema
- Alessandro Domanico
Add your comments directly to the page. Include links to any relevant research, data, or feedback.
Status | IN PROGRESS |
|---|---|
Impact | MEDIUM (core+api+ui) or HIGH (core+api+ui+gui) |
Driver | @Alessandro Domanico |
Approver | @Alessandro Domanico |
Stakeholders | @Antonio Verni @Niccolò Pasquetto @Riccardo Costa @Paurav Munshi @Alessandro Falezza @Andrei Dodu |
Informed | @Ilario Gavioli |
Due date | Apr 30, 2020 |
Outcome | Option 1: RBAC |
Background
At the moment the user’s permission schema is realized with four tables in the DB:
USERS: contains users and passwords
GROUPS: contains users’ groups
MENUITEM: contains all functionalities among menuitems, submenus and buttons
GROUPMENU: contains the associations between GROUPS and MENUITEM
This is ok for the Swing GUI, but in a REST application the workflow is slighty different
Relevant data
It would be nice to use the same DB tables, by adding new ones
Options considered
| Option 1: | Option 2: |
|---|---|---|
Description | ||
Pros and cons | There’s a React guideline It is already implemented Doesn’t provide fine graned policies as ABAC | provides fine graned policies for accessing resources (see examples) it requires a new complex architecture (see architecture) |
Estimated cost | LOW | MEDIUM |
Action items
Outcome
Different analysis led to the same conclusion: in order to improve (in the short-term) the actual permissions system in the web application (core+api+ui) with minimum changes it will be enough to develop the proposed solution (@Paurav Munshi) which introduces:
a DB table for “Entitlements” (CRUD for each entity)
a DB table for “Group-Entitlements” definition (linked to the actual USERGROUP)
NICE TO HAVE a DB table for “User-Usergroup” association that allows multiple roles to the same user (it will affect also how the application works in non-web environment (core+gui)
Open Hospital powered by ISF
2005 - 2016 ISF © Informatici senza frontiere - ONLUS