(Detailed Design) Aleph2 security roles and permissions - IKANOW/Aleph2 GitHub Wiki

Overview

This page describes the built-in role templates used in Aleph2, and will also serve as a repository for commonly used "custom" roles.

The Permission string

The permission string consists of three parts: the security asset name, an action, and the security asset's id or name.

<security_asset>:<action>:<id>

The wildcard character "*" can be used in place of any one of the three parts of the permission string, and matches every value for that part.

Please note that role names are plain strings with no internal structure.

Built-in roles and permissions - core

Built-in permissions - core

  • DataBucketBean:[read|write|read,write|*]:<_id field>
  • DataBucketBean:[read|write|read,write|*]:<full_name - '/' is replaced with ':'>
  • SharedLibraryBean:[read|write|read,write|*]:<_id field>
  • SharedLibraryBean:[read|write|read,write|*]:<path - '/' is replaced with ':'>

Built-in roles - core

  • The principal name is added as a role (e.g. "social.person._id" for v1).
  • The string "admin" is added as a role for admin users (e.g. currently based on v1 authentication).

Built-in roles and permissions - V1

Built-in permissions - V1

  • community:[read|write|read,write|*]:<community id>
  • source:[read|write|read,write|*]:<source id>

Built-in roles - V1

  • (as noted under core roles, "social.person._id" is used as the principal when v1 authentication is used)
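As an added illustration (not Aleph2's own code), a small Python matcher for the permission strings described above: it parses `<security_asset>:<action>:<id>`, applies the "*" wildcard per part, treats a "read,write" action as a set, keeps the ':' characters inside an id built from a bucket full_name, and checks a principal's roles (its own id, plus "admin") against a required permission. The role table and ids are constructed, and mapping "admin" to "*:*:*" is an assumption for the demo only.

```python
from typing import Dict, Iterable, List, Set, Tuple

WILDCARD = "*"

def parse_permission(perm: str) -> Tuple[str, Set[str], str]:
    """Split "<security_asset>:<action>:<id>" into (asset, action set, id).
    The id is everything after the second ':' so ids containing ':' (a
    full_name or path with '/' replaced by ':') survive intact."""
    parts = perm.split(":", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("malformed permission string: %r" % perm)
    asset, action, ident = parts
    return asset, set(action.split(",")), ident

def bucket_permission(full_name: str, action: str) -> str:
    """DataBucketBean permission addressed by full_name ('/' becomes ':')."""
    return "DataBucketBean:%s:%s" % (action, full_name.replace("/", ":"))

def implies(granted: str, required: str) -> bool:
    """True if `granted` covers `required`: "*" in a part matches anything
    for that part, the granted action set must contain every required
    action, and ids must be equal (no prefix match, so a grant on one
    bucket never leaks to a bucket nested below it)."""
    g_asset, g_actions, g_id = parse_permission(granted)
    r_asset, r_actions, r_id = parse_permission(required)
    if g_asset != WILDCARD and g_asset != r_asset:
        return False
    if WILDCARD not in g_actions and not r_actions <= g_actions:
        return False
    return g_id == WILDCARD or g_id == r_id

def is_permitted(roles: Iterable[str], role_perms: Dict[str, List[str]],
                 required: str) -> bool:
    """A principal holds its own id (and "admin" for admins) as roles; it is
    permitted if any permission of any of its roles implies `required`."""
    return any(implies(p, required)
               for role in roles for p in role_perms.get(role, []))

# Constructed sample role table. Assumption for this demo only: the "admin"
# role maps to the all-wildcard permission; the page does not state that.
ROLE_PERMS = {
    "admin": ["*:*:*"],
    "person_id_1": [  # a v1 principal id used directly as a role name
        "DataBucketBean:read,write:bucket_id_1",
        bucket_permission("/aleph2/example/bucket", "read"),
        "SharedLibraryBean:read:*",
    ],
}
```

Because ids are compared for equality rather than by prefix, a read grant on "/aleph2" does not extend to "/aleph2/example"; each bucket needs its own permission or a wildcard id.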

Custom roles and permissions

(None yet)
