Authorisation
Overview
Authorization is the process of granting or denying access to resources and actions within a system based on a user's authenticated identity. Once a user has been authenticated, authorization determines what the user is allowed to do. It involves defining and enforcing rules that specify which users or roles can access specific resources or perform certain actions.
Role
Roles are groups of permissions assigned to users. They simplify the management of user permissions by grouping related permissions. The table below shows the list of operations.
Input:
Field | Type | Required | Min Length | Max Length | Validations |
---|---|---|---|---|---|
Name | String | Y | 4 | 128 | Allow alphabet only |
Code | String | Y | 2 | 16 | Unique check |
Description | Text Area | N | 2 | 512 | |
isActive | Boolean | N | NA | NA | True/False |
Action/Resource
An action is a specific operation that a user, process, or system can perform on a resource. Examples of actions include read, write, delete, update, and execute. A resource represents the entities or objects that need to be protected. Resources can be files, databases, API endpoints, services, or any other assets that require controlled access. In DIGIT, resources are generally API endpoints.
Input:
Field | Type | Required | Min Length | Max Length | Validations |
---|---|---|---|---|---|
uri | String | Y | 1 | 100 | Allow alphabet only |
accessType | String | Y | 2 | 16 | Enum (OPEN, PROTECTED) |
description | Text Area | N | 2 | 512 | NA |
isActive | Boolean | N | NA | NA | True/False |
tag | array | N | 1 | 64 | Allow alphabet only |
Role-Action Mapping
Role-action mapping is the association between roles and actions, defining which actions are permitted for each role on specific resources. The mapping is required to provide Role-Based Access Control (RBAC) functionality.
Input:
Field | Type | Required | Min Length | Max Length | Validations |
---|---|---|---|---|---|
tenantId | String | Y | 1 | 50 | Allow alphabet and dot only |
roleCode | String | Y | 1 | 20 | Allow alphanumeric only |
actionId | String | Y | 36 | 36 | uuid |
isActive | Boolean | N | NA | NA | True/False |
Define Roles & Permissions
Define the roles and their associated permissions:
Property Admin: Has access to all property-related APIs (property/*).
Property Creator: Has access only to create properties (property/_create).
Property Updater: Has access only to update properties (property/_update).
Property Searcher: Has access only to search properties (property/_search).
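The following is an added example, not DIGIT's own code, showing how the Action and Role-Action Mapping records above can drive an allow/deny decision for the four property roles. The tenant id, the role codes, the treatment of a trailing `/*` as a prefix match, the rule that OPEN resources skip the role check, and the default-deny behaviour are assumptions made for illustration.

```python
import uuid
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:                       # one row of the Action/Resource table
    id: str
    uri: str
    access_type: str = "PROTECTED"  # OPEN or PROTECTED
    is_active: bool = True

@dataclass(frozen=True)
class RoleAction:                   # one row of the Role-Action Mapping table
    tenant_id: str
    role_code: str
    action_id: str
    is_active: bool = True

def uri_matches(pattern, uri):
    # Assumption: a trailing "/*" covers every URI under that prefix; otherwise exact match.
    return uri.startswith(pattern[:-1]) if pattern.endswith("/*") else uri == pattern

def is_authorized(actions, mappings, tenant_id, role_codes, uri):
    matched = [a for a in actions if a.is_active and uri_matches(a.uri, uri)]
    if not matched:
        return False                # default deny: unknown or deactivated resource
    if any(a.access_type == "OPEN" for a in matched):
        return True                 # assumption: OPEN resources need no role
    granted = {m.action_id for m in mappings
               if m.is_active and m.tenant_id == tenant_id and m.role_code in role_codes}
    return any(a.id in granted for a in matched)

def make_action(uri, access_type="PROTECTED"):
    # Deterministic 36-character UUID so the sample data is reproducible.
    return Action(str(uuid.uuid5(uuid.NAMESPACE_URL, uri)), uri, access_type)

# Constructed sample data: tenant id and role codes are hypothetical.
TENANT = "st.citya"
ACTIONS = [make_action(u) for u in
           ("property/*", "property/_create", "property/_update", "property/_search")]
ID = {a.uri: a.id for a in ACTIONS}
MAPPINGS = [
    RoleAction(TENANT, "PROPADMIN", ID["property/*"]),
    RoleAction(TENANT, "PROPCREATOR", ID["property/_create"]),
    RoleAction(TENANT, "PROPUPDATER", ID["property/_update"], is_active=False),
    RoleAction(TENANT, "PROPSEARCHER", ID["property/_search"]),
]

if __name__ == "__main__":
    for role, uri in [("PROPADMIN", "property/_update"), ("PROPCREATOR", "property/_search"),
                      ("PROPUPDATER", "property/_update")]:
        print(role, uri, is_authorized(ACTIONS, MAPPINGS, TENANT, {role}, uri))
```

The Property Updater mapping is deliberately stored with `isActive` set to false in the sample data, so that role is denied until the mapping is reactivated.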