Authorisation

Overview

Authorization is the process of granting or denying access to resources and actions within a system based on a user's authenticated identity. Once a user has been authenticated, authorization determines what the user is allowed to do. It involves defining and enforcing rules that specify which users or roles can access specific resources or perform certain actions.

Role

Groups of permissions assigned to users. Roles simplify the management of user permissions by grouping related permissions. The below table shows the list of operations.

Input:

Field
Type
Required
Min Length
Max Length
Validations

Name

String

Y

4

128

Allow alphabet only

Code

String

Y

2

16

Unique check

Description

Text Area

N

2

512

isActive

Boolean

N

NA

NA

True/False

Action/Resource

Action refers to a specific operation that a user, process, or system can perform on a resource. Examples of actions include read, write, delete, update, execute, etc. While a resource represents the entities or objects that need to be protected. Resources can be files, databases, API endpoints, services, or any other assets that require controlled access. In DIGIT, resources are generally API endpoints.

Input:

Field
Type
Required
Min Length
Max Length
Validations

uri

String

Y

1

100

Allow alphabet only

accessType

String

Y

2

16

Enum (OPEN, PROTECTED)

description

Text Area

N

2

512

NA

isActive

Boolean

N

NA

NA

True/False

tag

array

N

1

64

Allow alphabet only

Role-Action Mapping

Role-action mapping is the association between roles and actions, defining which actions are permitted for each role on specific resources. The mapping is required to provide Role Based Access Control(RBAC) functionality.

Input:

Field
Type
Required
Min Length
Max Length
Validations

tenantId

String

Y

1

50

Allow alphabet and dot only

roleCode

String

Y

1

20

Allow alphanumeric only

actionId

String

Y

36

36

uuid

isActive

Boolean

N

NA

NA

True/False

Define Roles & Permissions

Define the roles and their associated permissions:

  • Property Admin: Has access to all property-related APIs (property/*).

  • Property Creator: Has access only to create properties (property/_create).

  • Property Updater: Has access only to update properties (property/_update).

  • Property Searcher: Has access only to search properties (property/_search).

Last updated

All content on this page by eGov Foundation is licensed under a Creative Commons Attribution 4.0 International License.