Role Based Access Control

The Service Layer authorization model is based on role-based access control (RBAC). Roles and policies are defined for each service, and they determine the access privileges a user or a group of users has in the system. RBAC is made up of four elements:

  • Roles - Bring users, groups and policies together. A role defines what its users can do with a resource.
  • Users - The principal that is requesting access to a resource.
  • Policies - A list of rules that defines access to a resource.
  • Resources - The things you want to grant access to.

Role Definition for Service Layer

The roles defined for Service Layer are per service rather than per resource: each service defines the roles required to access that particular service. For instance, the Policy Service defines the roles that are used by the Segments and Roles within a policy. Roles are not defined per resource or entity, because segments and policy roles cannot be accessed outside the context of a policy.

Possible Roles and their privileges

Role Name                 | Role Description                            | Role Privilege | Role Association
--------------------------|---------------------------------------------|----------------|--------------------
SL_ADMIN                  | Service Layer Administrator                 | Permit All     | All Services
POLICY_READ               | Policy Read Access                          | GET            | Policy
POLICY_CREATE             | Policy Write Access For Create              | POST           | Policy
POLICY_UPDATE             | Policy Write Access For Update              | PUT            | Policy
POLICY_DELETE             | Policy Delete Access                        | DELETE         | Policy
CLIENT_READ               | Client Read Access                          | GET            | Client
CLIENT_CREATE             | Client Write Access For Create              | POST           | Client
CLIENT_UPDATE             | Client Write Access For Update              | PUT            | Client
CLIENT_DELETE             | Client Delete Access                        | DELETE         | Client
CASE_READ                 | Case Read Access                            | GET            | Case
CASE_CREATE               | Case Write Access For Create                | POST           | Case
CASE_UPDATE               | Case Write Access For Update                | PUT            | Case
CASE_DELETE               | Case Delete Access                          | DELETE         | Case
GROUPCUSTOMER_READ        | Customer Read Access                        | GET            | Customer
GROUPCUSTOMER_CREATE      | Customer Write Access For Create            | POST           | Customer
GROUPCUSTOMER_UPDATE      | Customer Write Access For Update            | PUT            | Customer
GROUPCUSTOMER_DELETE      | Customer Delete Access                      | DELETE         | Customer
CLIENTRELATIONSHIP_READ   | Client Relationship Read Access             | GET            | Client Relationship
CLIENTRELATIONSHIP_CREATE | Client Relationship Write Access For Create | POST           | Client Relationship
CLIENTRELATIONSHIP_UPDATE | Client Relationship Write Access For Update | PUT            | Client Relationship
CLIENTRELATIONSHIP_DELETE | Client Relationship Delete Access           | DELETE         | Client Relationship
QUERY_READ                | Query Read Access                           | GET            | Query
QUERY_CREATE, QUERY_UPDATE| Query Write Access                          | POST           | Query
QUERY_DELETE              | Query Delete Access                         | DELETE         | Query
COMPANY_READ              | Company Read Access                         | GET            | Company
PRODUCT_READ              | Product Read Access                         | GET            | Product
PLAN_READ                 | Plan Read Access                            | GET            | Plan
SEGMENT_READ              | Segment Read Access                         | GET            | Segment
SEGMENT_CREATE            | Segment Write Access For Create             | POST           | Segment
SEGMENT_UPDATE            | Segment Write Access For Update             | PUT            | Segment
SEGMENT_DELETE            | Segment Delete Access                       | DELETE         | Segment
ROLE_READ                 | Role Read Access                            | GET            | Role
ROLE_CREATE               | Role Write Access For Create                | POST           | Role
ROLE_UPDATE               | Role Write Access For Update                | PUT            | Role
ROLE_DELETE               | Role Delete Access                          | DELETE         | Role
SEGMENTROLE_READ          | Segment Role Read Access                    | GET            | Segment Role
SEGMENTROLE_CREATE        | Segment Role Write Access For Create        | POST           | Segment Role
SEGMENTROLE_UPDATE        | Segment Role Write Access For Update        | PUT            | Segment Role
SEGMENTROLE_DELETE        | Segment Role Delete Access                  | DELETE         | Segment Role
REQUIREMENT_READ          | Requirement Read Access                     | GET            | Requirement
REQUIREMENT_CREATE        | Requirement Write Access For Create         | POST           | Requirement
REQUIREMENT_UPDATE        | Requirement Write Access For Update         | PUT            | Requirement
REQUIREMENT_DELETE        | Requirement Delete Access                   | DELETE         | Requirement
IMPAIRMENT_READ           | Impairment Read Access                      | GET            | Impairment
ADDRESS_READ              | Address Read Access                         | GET            | Address
ADDRESS_CREATE            | Address Write Access For Create             | POST           | Address
ADDRESS_UPDATE            | Address Write Access For Update             | PUT            | Address
ADDRESS_DELETE            | Address Delete Access                       | DELETE         | Address
PHONE_READ                | Phone Read Access                           | GET            | Phone
PHONE_CREATE              | Phone Write Access For Create               | POST           | Phone
PHONE_UPDATE              | Phone Write Access For Update               | PUT            | Phone
PHONE_DELETE              | Phone Delete Access                         | DELETE         | Phone
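The table above maps each (HTTP method, service) pair to the role that grants it, with SL_ADMIN permitting everything. The following is an added example of an authorization check that encodes that table; it is not the Service Layer's own code. The function names, the default-deny behaviour for operations no role grants, and the handling of the read-only services are assumptions of this example.

```python
from typing import FrozenSet, Iterable

# HTTP method -> suffix of the role that grants it, as in the table above.
METHOD_TO_ACTION = {"GET": "READ", "POST": "CREATE", "PUT": "UPDATE", "DELETE": "DELETE"}

# Role-name prefix for each service in the table (some differ from the service name).
SERVICE_PREFIX = {
    "Policy": "POLICY", "Client": "CLIENT", "Case": "CASE",
    "Customer": "GROUPCUSTOMER", "Client Relationship": "CLIENTRELATIONSHIP",
    "Query": "QUERY", "Company": "COMPANY", "Product": "PRODUCT", "Plan": "PLAN",
    "Segment": "SEGMENT", "Role": "ROLE", "Segment Role": "SEGMENTROLE",
    "Requirement": "REQUIREMENT", "Impairment": "IMPAIRMENT",
    "Address": "ADDRESS", "Phone": "PHONE",
}

# Services for which the table defines only a *_READ role.
READ_ONLY = {"Company", "Product", "Plan", "Impairment"}


def required_roles(method: str, service: str) -> FrozenSet[str]:
    """Roles any one of which grants `method` on `service`; empty set = deny (assumed)."""
    prefix = SERVICE_PREFIX.get(service)
    action = METHOD_TO_ACTION.get(method.upper())
    if prefix is None or action is None:
        return frozenset()
    if service in READ_ONLY and action != "READ":
        return frozenset()
    if service == "Query":
        # Table: QUERY_CREATE and QUERY_UPDATE both map to POST Query; there is no PUT Query.
        if action == "CREATE":
            return frozenset({"QUERY_CREATE", "QUERY_UPDATE"})
        if action == "UPDATE":
            return frozenset()
    return frozenset({f"{prefix}_{action}"})


def is_authorized(user_roles: Iterable[str], method: str, service: str) -> bool:
    """True if the principal's roles permit the request; SL_ADMIN permits all."""
    roles = set(user_roles)
    if "SL_ADMIN" in roles:
        return True
    return bool(roles & required_roles(method, service))


if __name__ == "__main__":
    # Constructed sample principals, one role each.
    print(is_authorized({"POLICY_READ"}, "GET", "Policy"))     # True
    print(is_authorized({"POLICY_READ"}, "DELETE", "Policy"))  # False
    print(is_authorized({"COMPANY_READ"}, "POST", "Company"))  # False
```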