ACL - unders/mywiki GitHub Wiki
Access Control List
- Datalakes: unclassified, classified, topsecret
- Grants: write, read
- Access Groups: default, bronze, silver, gold, system, admin
- Users: [email protected], [email protected], [email protected], [email protected]
Services
- catalog: "GET /catalog"
- acl: "GET /admin/acl", "POST /admin/acl"
- uploader: "POST /uploader"
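// CreateUploaderRequest is the request payload sketched for the uploader
// service ("POST /uploader").
//
// Every field is supplied by the caller and is therefore untrusted. The struct
// carries no user identity: on this page the user comes from
// jwt.Authenticate(req), and Datalake is only the resource name handed to
// acl.Datalake(...).WriteAccess(user).
type CreateUploaderRequest struct {
	// Datalake names the target datalake; the page lists unclassified,
	// classified and topsecret. It selects which access groups are consulted,
	// so an unknown name should be rejected rather than treated as open.
	Datalake string
	// Data is the raw upload content.
	// NOTE(review): no size limit is shown on the page - confirm one is
	// enforced before the body is read into memory.
	Data []byte
	// Bucket is not described on the page.
	// NOTE(review): presumably a storage location inside the datalake; if so it
	// needs validation against the datalake the caller was authorized for.
	Bucket string
	// Source is not described on the page.
	// NOTE(review): presumably an origin label for the data; treat it as
	// untrusted text when logging or storing it.
	Source string
}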
Database
datalakes
- id
- name
- description
datalakes_write_access_groups
- datalake_id
- access_group_id
datalakes_read_access_groups
- datalake_id
- access_group_id
access_groups
- id
- name
- description
user_access_groups
- user_id
- access_group_id
users
- id
- email
- password (store only a salted, slow password hash such as bcrypt or Argon2id, never the plaintext)
User
has_many: access_groups
Datalake
has_many: read_access_groups
has_many: write_access_groups
// The lines below sketch the call shapes of the ACL API; they are not one
// compilable sequence (err is redeclared on every line).
// NOTE(review): presumably a non-nil err means "deny" - handlers should fail
// closed and stop on the first non-nil err.

// Authenticate the caller from the request. err has to be checked before user
// is passed to any of the checks below.
user, err := jwt.Authenticate(req)
// Datalake-level write check for the datalake named in the request.
// NOTE(review): WritePermission and WriteAccess look like two candidate names
// for the same check - settle on one.
err := acl.Datalake(req.Datalake).WritePermission(user)
err := acl.Datalake(req.Datalake).WriteAccess(user)
// Datalake-level read check for the same datalake.
err := acl.Datalake(req.Datalake).ReadAccess(user)
// Endpoint-level checks for "/admin/acl", which the Services list exposes as
// GET and POST.
// NOTE(review): presumably ReadAccess guards GET and WriteAccess guards POST -
// confirm the mapping.
err := acl.Endpoint("/admin/acl").WriteAccess(user)
err := acl.Endpoint("/admin/acl").ReadAccess(user)
// NOTE(review): "/account" does not appear in the Services list on this page.
err := acl.Endpoint("/account").ReadAccess(user)
// Upload path: an endpoint-level write check followed by a datalake-level
// write check on the datalake named in the request.
// NOTE(review): presumably both must pass before any data is stored - confirm.
err := acl.Endpoint("/uploader").WriteAccess(user)
err := acl.Datalake(req.Datalake).WriteAccess(user)