Authorisation
All content on this page by eGov Foundation is licensed under a Creative Commons Attribution 4.0 International License.
Authorization is the process of granting or denying access to resources and actions within a system based on a user's authenticated identity. Once a user has been authenticated, authorization determines what the user is allowed to do. It involves defining and enforcing rules that specify which users or roles can access specific resources or perform certain actions.
Roles are groups of permissions assigned to users. Roles simplify the management of user permissions by grouping related permissions. The table below shows the list of operations.
Input:
Field | Type | Required | Min Length | Max Length | Validations |
---|---|---|---|---|---|
Name | String | Y | 4 | 128 | Allow alphabet only |
Code | String | Y | 2 | 16 | Unique check |
Description | Text Area | N | 2 | 512 | |
isActive | Boolean | N | NA | NA | True/False |
An action is a specific operation that a user, process, or system can perform on a resource. Examples of actions include read, write, delete, update, and execute. A resource, by contrast, is an entity or object that needs to be protected. Resources can be files, databases, API endpoints, services, or any other assets that require controlled access. In DIGIT, resources are generally API endpoints.
Input:
Field | Type | Required | Min Length | Max Length | Validations |
---|---|---|---|---|---|
uri | String | Y | 1 | 100 | Allow alphabet only |
accessType | String | Y | 2 | 16 | Enum (OPEN, PROTECTED) |
description | Text Area | N | 2 | 512 | NA |
isActive | Boolean | N | NA | NA | True/False |
tag | array | N | 1 | 64 | Allow alphabet only |
Role-action mapping is the association between roles and actions, defining which actions are permitted for each role on specific resources. The mapping is required to provide Role-Based Access Control (RBAC) functionality.
Input:
Define the roles and their associated permissions:
- Property Admin: Has access to all property-related APIs (property/*).
- Property Creator: Has access only to create properties (property/_create).
- Property Updater: Has access only to update properties (property/_update).
- Property Searcher: Has access only to search properties (property/_search).
Field | Type | Required | Min Length | Max Length | Validations |
---|---|---|---|---|---|
tenantId | String | Y | 1 | 50 | Allow alphabet and dot only |
roleCode | String | Y | 1 | 20 | Allow alphanumeric only |
actionId | String | Y | 36 | 36 | uuid |
isActive | Boolean | N | NA | NA | True/False |
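The following is an added example, not DIGIT's own code: a minimal default-deny check over the role-action mapping described above, using the page's four property roles and the tenantId, roleCode, actionId and isActive fields. The tenant id, the role codes, the property/_health URI and the rule that an OPEN action skips the role check are assumptions made for illustration.

```python
import uuid
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    id: str            # actionId: 36-character UUID
    uri: str
    access_type: str   # "OPEN" or "PROTECTED"
    is_active: bool = True

@dataclass(frozen=True)
class RoleAction:
    tenant_id: str
    role_code: str
    action_id: str
    is_active: bool = True

def make_action(uri, access_type="PROTECTED", is_active=True):
    # Deterministic constructed UUID so the sample data is reproducible.
    return Action(str(uuid.uuid5(uuid.NAMESPACE_URL, uri)), uri, access_type, is_active)

# Constructed sample data: the tenant id, role codes and property/_health are assumptions.
TENANT = "pg.citya"
ACTIONS = [make_action("property/*"), make_action("property/_create"),
           make_action("property/_update"), make_action("property/_search"),
           make_action("property/_health", "OPEN")]
ID = {a.uri: a.id for a in ACTIONS}
MAPPINGS = [
    RoleAction(TENANT, "PROPERTYADMIN", ID["property/*"]),
    RoleAction(TENANT, "PROPERTYCREATOR", ID["property/_create"]),
    # Deactivated in this sample only, to show the effect of isActive = False.
    RoleAction(TENANT, "PROPERTYUPDATER", ID["property/_update"], is_active=False),
    RoleAction(TENANT, "PROPERTYSEARCHER", ID["property/_search"]),
]

def covers(pattern, uri):
    """Exact match, or a trailing /* that covers every URI under that prefix."""
    return pattern == uri or (pattern.endswith("/*") and uri.startswith(pattern[:-1]))

def is_authorized(tenant_id, role_codes, uri, actions=ACTIONS, mappings=MAPPINGS):
    matching = [a for a in actions if a.is_active and covers(a.uri, uri)]
    # Assumption: an OPEN action needs no role; only an exact URI match counts.
    if any(a.access_type == "OPEN" and a.uri == uri for a in matching):
        return True
    granted = {m.action_id for m in mappings
               if m.is_active and m.tenant_id == tenant_id and m.role_code in role_codes}
    # Default deny: unknown URIs, inactive rows and other tenants' rows grant nothing.
    return any(a.id in granted for a in matching)
```

The wildcard is matched on the full `property/` prefix, so a similarly named path such as `propertyx/_create` is not covered by the Property Admin mapping.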