RBAC: Role Based Access Control
The Service Layer authorization model is based on role-based access control. Roles and policies are defined per service, and they determine the access privileges a user or a group of users has in the system. RBAC is made of four elements:
- Roles - Bring users, groups and policies together. Roles define what users can do with a resource.
- Users - The principal that is requesting access to a resource.
- Policies - A list of rules that defines access to a resource.
- Resources - The things you want to grant access to.
Role Definition for Service Layer
The roles defined for the Service Layer are per service rather than per resource. Roles by service means that each service defines the roles required to access that particular service. For instance, the Policy Service defines roles that are also used for the Segments and Roles within that policy. Roles are not defined per resource or entity, since segments and policy roles cannot be accessed outside the context of a policy.
| Role Name | Role Description | Role Privilege | Role Association |
|---|---|---|---|
| SL_ADMIN | Service Layer Administrator | Permit All | All Services |
| POLICY_READ | Policy Read Access | GET | Policy, Segment, Role |
| POLICY_WRITE | Policy Write Access | PUT, POST | Policy, Segment, Role |
| POLICY_DELETE | Policy Delete Access | DELETE | Policy, Segment, Role |
| CLIENT_READ | Client Read Access | GET | Client, Address, Phone |
| CLIENT_WRITE | Client Write Access | PUT, POST | Client, Address, Phone |
| CLIENT_DELETE | Client Delete Access | DELETE | Client, Address, Phone |
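The following is an added example, not code from the original document, showing how the per-service role table above can be evaluated as a default-deny check: the resource is resolved to its owning service (Segment and Role to Policy, Address and Phone to Client), the HTTP method to READ/WRITE/DELETE, and SL_ADMIN short-circuits as Permit All. The function names and the sample principals are assumptions.

```python
from typing import Optional, Set

# Resource -> owning service, following the table's "Role Association" column.
RESOURCE_SERVICE = {
    "Policy": "POLICY", "Segment": "POLICY", "Role": "POLICY",
    "Client": "CLIENT", "Address": "CLIENT", "Phone": "CLIENT",
}

# HTTP method -> privilege suffix, following the table's "Role Privilege" column.
METHOD_PRIVILEGE = {"GET": "READ", "PUT": "WRITE", "POST": "WRITE", "DELETE": "DELETE"}

ADMIN_ROLE = "SL_ADMIN"  # "Permit All" across all services


def required_role(method: str, resource: str) -> Optional[str]:
    """Return the role a request needs, or None when the table grants no role
    for the combination (e.g. PATCH, or a resource outside the table).
    Callers must treat None as a deny rather than as 'no role required'."""
    service = RESOURCE_SERVICE.get(resource)
    privilege = METHOD_PRIVILEGE.get(method.upper())
    if service is None or privilege is None:
        return None
    return f"{service}_{privilege}"


def authorize(user_roles: Set[str], method: str, resource: str) -> bool:
    """Default-deny check: SL_ADMIN passes; otherwise the principal must hold
    exactly the per-service role the table assigns to this method and resource.
    Holding POLICY_WRITE does not imply POLICY_READ or POLICY_DELETE."""
    if ADMIN_ROLE in user_roles:
        return True
    needed = required_role(method, resource)
    return needed is not None and needed in user_roles


if __name__ == "__main__":
    # Constructed sample principals (assumptions, not from the document).
    analyst = {"POLICY_READ", "CLIENT_READ"}
    editor = {"POLICY_READ", "POLICY_WRITE"}
    print(authorize(analyst, "GET", "Segment"))        # True: Segment is Policy-scoped
    print(authorize(analyst, "POST", "Segment"))       # False: needs POLICY_WRITE
    print(authorize(editor, "DELETE", "Policy"))       # False: needs POLICY_DELETE
    print(authorize(editor, "PATCH", "Policy"))        # False: method not in the table
    print(authorize({ADMIN_ROLE}, "DELETE", "Phone"))  # True: Permit All
```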