blob: 856d70d74b1da7d6c020ea5ed6375b48832c0dae (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
# Authentication/authorisation design
## Authentication
* Local database should be independent from other services and copied as a file (SQLite with JSON?)
* Later use other providers, such as gmail
* Later provide REST API & token access
## Authorisation
* Users (authenticated)
* Groups (users are members and you have a group leader) - every user belongs to one group! Groups own the resources.
* Roles define access control (groups have flexible roles) - group can create unique roles. Roles are essentially collections of privileges.
* Resources (pretty flexible, give access to roles) - every data resource is owned by one group!
* Some users can add themselves to groups/roles
* Local database should be independent from other services and copied as a file (SQLite with JSON?)
* Later provide REST API & token access
## Web front-end
* Web front-end which allows management of these users/groups/roles/resources
## Some Related Issues
The following issues are related to this topic.
=> /issues/authorisation Clean Up Authorisation (contains extra info)
=> /topics/authentication/replace-hard-coded-auth-with-gn-proxy Replace Hard coded authentication with gn-proxy
=> /topics/authentication/user-info Put user info in the a/c name in the menu
|
