Authorisation

Overview

Authorization is the process of granting or denying access to resources and actions within a system based on a user's authenticated identity. Once a user has been authenticated, authorization determines what the user is allowed to do. It involves defining and enforcing rules that specify which users or roles can access specific resources or perform certain actions.

Role

Groups of permissions assigned to users. Roles simplify the management of user permissions by grouping related permissions. The below table shows the list of operations.

Input:

Action/Resource

Action refers to a specific operation that a user, process, or system can perform on a resource. Examples of actions include read, write, delete, update, execute, etc. While a resource represents the entities or objects that need to be protected. Resources can be files, databases, API endpoints, services, or any other assets that require controlled access. In DIGIT, resources are generally API endpoints.

Input:

Role-Action Mapping

Role-action mapping is the association between roles and actions, defining which actions are permitted for each role on specific resources. The mapping is required to provide Role Based Access Control(RBAC) functionality.

Input:

Define Roles & Permissions

Define the roles and their associated permissions:

• Property Admin: Has access to all property-related APIs (property/*).

• Property Creator: Has access only to create properties (property/_create).

• Property Updater: Has access only to update properties (property/_update).

• Property Searcher: Has access only to search properties (property/_search).