CdmAuthorisationAndAccessControl » History » Version 19
Andreas Kohlbecker, 09/10/2012 10:18 AM
1 | 1 | Andreas Kohlbecker | |
---|---|---|---|
2 | 3 | Andreas Kohlbecker | # Cdm authorisation and access control |
3 | 2 | Andreas Kohlbecker | |
4 | |||
5 | It is evident that the cdm library needs authorisation and access control. There are library methods which need to protected from unauthorised execution and there is also the data which is exposed by the library. Not all data should be visible to every user so a [[HibernateSpringAndRowlevelSecurity|row level access control]] is needed. |
||
6 | |||
7 | |||
8 | |||
9 | 4 | Andreas Kohlbecker | ## Questions |
10 | 2 | Andreas Kohlbecker | |
11 | 4 | Andreas Kohlbecker | |
12 | 7 | Andreas Kohlbecker | 1. Do we need a access control in the web service (cdmlib-remote) or is it sufficient to protect the service layer. As long web service controllers are not using DAO (cdmlib-persistence) methods directly it should not be necessary. |
13 | 4 | Andreas Kohlbecker | |
14 | |||
15 | |||
16 | 3 | Andreas Kohlbecker | ## Use cases |
17 | 4 | Andreas Kohlbecker | |
18 | |||
19 | 12 | Andreas Kohlbecker | A. a specific **classification sub tree** is **publicly visible** that is it is _published_ |
20 | 1 | Andreas Kohlbecker | |
21 | 12 | Andreas Kohlbecker | B. a specific **classification sub tree** must not be **publicly visible** in the data portal and thus must be also hidden in the web service responses |
22 | 1 | Andreas Kohlbecker | |
23 | 12 | Andreas Kohlbecker | C. a specific **classification sub tree** is only visible for users which have a specific **role** but the user is not granted to **edit** anything in/below it |
24 | 8 | Andreas Kohlbecker | |
25 | 19 | Andreas Kohlbecker | D. A user is only granted to **edit Descriptions** |
26 | 1 | Andreas Kohlbecker | |
27 | 19 | Andreas Kohlbecker | E. A user is only granted to **edit DescriptionElements** of a specific _Feature_ |
28 | 1 | Andreas Kohlbecker | |
29 | 19 | Andreas Kohlbecker | F. A user is only granted to **edit structured Descriptions** |
30 | 1 | Andreas Kohlbecker | |
31 | 19 | Andreas Kohlbecker | G. Combinations of B, C and D, E must be possible |
32 | 1 | Andreas Kohlbecker | |
33 | 19 | Andreas Kohlbecker | H. Only users with the **roles** *Admin* or **Usermanager** or the user in question it self (if currently authenticated) are allowed to execute **change password** |
34 | 1 | Andreas Kohlbecker | |
35 | 19 | Andreas Kohlbecker | I. Only users with the **roles** *Admin* or **Usermanager** are allowed to create or **edit** new users |
36 | 12 | Andreas Kohlbecker | |
37 | 19 | Andreas Kohlbecker | |
38 | 1 | Andreas Kohlbecker | ~~~ |
39 | <code class="rst"> |
||
40 | Tabular summary of above use cases translated into roles: |
||
41 | |||
42 | 19 | Andreas Kohlbecker | =========== ========================= ====================================== =============== ============================= |
43 | \ what to protect |
||
44 | ----------- ------------------------- -------------------------------------- ---------------------------------------------- |
||
45 | Usecase Role authority string Entity ServiceMethod |
||
46 | =========== ========================= ====================================== =============== ============================= |
||
47 | A. Anonymous TaxonNode.READ{uuid} ... |
||
48 | B. TaxGroupX_User TaxonNode.READ{uuid} ... |
||
49 | C. TaxGroupX_Editor TaxonNode.UPDATE{uuid} ... |
||
50 | D. DescriptionEditor Description.UPDATE ... |
||
51 | E. DescriptionEditor DescriptioElement(Ecology).UPDATE ... |
||
52 | H. Admin, Usermanager UserService.changePassword() |
||
53 | =========== ========================= ====================================== =============== ============================= |
||
54 | 1 | Andreas Kohlbecker | |
55 | *Anonymous* means not authenticated |
||
56 | |||
57 | ~~~ |
||
58 | 17 | Andreas Kohlbecker | |
59 | **Special cases:** |
||
60 | |||
61 | 18 | Andreas Kohlbecker | * **@TaxonNames@** can potentially be shared between different taxa, thus a situation may occur where a user has grants to edit taxon A but not for taxon B, but both taxa are sharing the same name. How will we handle this situation, should the name be cloned when the user starts editing taxon A, so that taxon A has another name entity than taxon B after the user saved the latest changes? |
62 | 12 | Andreas Kohlbecker | |
63 | * The same problem as described above for TaxonNames also accounts for *@References@*, but in this case the problem is more severe since references are very often part of multiple taxon names. |
||
64 | 19 | Andreas Kohlbecker | |
65 | |||
66 | |||
67 | |||
68 | ## Implementation details |
||
69 | |||
70 | |||
71 | _only a brief note for now:_ |
||
72 | |||
73 | |||
74 | 4 | Andreas Kohlbecker | |
75 | |||
76 | |||
77 | 1 | Andreas Kohlbecker |