Add your comments directly to the page. Include links to any relevant research, data, or feedback.
Background
At the moment the user’s permission schema is realized with four tables in the DB:
USERS: contains users and passwords
GROUPS: contains users’ groups
MENUITEM: contains all functionalities among menuitems, submenus and buttons
GROUPMENU: contains the associations between GROUPS and MENUITEM
This is ok for the Swing GUI, but in a REST application the workflow is slighty different
Relevant data
It would be nice to use the same DB tables, by adding new ones
Options considered
Option 1: | Option 2: | |
---|---|---|
Description | ||
Pros and cons | There’s a React guideline It is already implemented Doesn’t provide fine graned policies as ABAC | provides fine graned policies for accessing resources (see examples) it requires a new complex architecture (see architecture) |
Estimated cost | LOW | MEDIUM |
Action items
- To define a permissions’ schema pattern
- To create a Jira issue with the specifications ( - OP-727Getting issue details... STATUS )
Outcome
Different analysis led to the same conclusion: in order to improve (in the short-term) the actual permissions system in the web application (core+api+ui) with minimum changes it will be enough to develop the proposed solution (Paurav Munshi) which introduces:
a DB table for “Entitlements” (CRUD for each entity)
a DB table for “Group-Entitlements” definition (linked to the actual USERGROUP)
NICE TO HAVE a DB table for “User-Usergroup” association that allows multiple roles to the same user (it will affect also how the application works in non-web environment (core+gui)