User's permission schema

Add your comments directly to the page. Include links to any relevant research, data, or feedback.

Status

IN PROGRESS

Impact

MEDIUM (core+api+ui) or HIGH (core+api+ui+gui)

Driver

@Alessandro Domanico 

Approver

@Alessandro Domanico

Stakeholders

@Antonio Verni @Niccolò Pasquetto @Riccardo Costa @Paurav Munshi @Alessandro Falezza @Andrei Dodu

Informed

@Ilario Gavioli

Due date

Apr 30, 2020

Outcome

Option 1: RBAC

Background

At the moment the user’s permission schema is realized with four tables in the DB:

  • USERS: contains users and passwords

  • GROUPS: contains users’ groups

  • MENUITEM: contains all functionalities among menuitems, submenus and buttons

  • GROUPMENU: contains the associations between GROUPS and MENUITEM

This is ok for the Swing GUI, but in a REST application the workflow is slighty different

Relevant data

It would be nice to use the same DB tables, by adding new ones

Options considered

 

Option 1:

Option 2:

 

Option 1:

Option 2:

Description

RBAC

ABAC

Pros and cons

There’s a React guideline

It is already implemented

Doesn’t provide fine graned policies as ABAC

provides fine graned policies for accessing resources (see examples)

it requires a new complex architecture (see architecture)

Estimated cost

LOW

MEDIUM

Action items

To define a permissions’ schema pattern
To create a Jira issue with the specifications (https://openhospital.atlassian.net/browse/OP-868)

Outcome

Different analysis led to the same conclusion: in order to improve (in the short-term) the actual permissions system in the web application (core+api+ui) with minimum changes it will be enough to develop the proposed solution (@Paurav Munshi) which introduces:

  • a DB table for “Entitlements” (CRUD for each entity)

  • a DB table for “Group-Entitlements” definition (linked to the actual USERGROUP)

  • NICE TO HAVE a DB table for “User-Usergroup” association that allows multiple roles to the same user (it will affect also how the application works in non-web environment (core+gui)

Open Hospital powered by ISF
2005 - 2016 ISF © Informatici senza frontiere - ONLUS