Identity and Security
User
The User entity is a central security concept of the system, forming the basis for managing access, authentication, and permissions. It interacts closely with other entities such as Roles, Groups, Identities, and Single Sign-On (SSO) mechanisms to provide a structured yet flexible role-based access control (RBAC) system.
User Structure
A User is composed of the following attributes:
- name: A variable-length (character varying) string holding the user's full name.
- salutation: The user’s title (e.g., Mr., Ms., Dr.).
- first_name: The user’s first name.
- middle_name: The user’s middle name.
- last_name: The user’s last name.
Role
Roles serve as a key mechanism for managing permissions and defining user access levels based on their responsibilities.
- name: The name of the role.
- description: A detailed explanation of the role’s purpose.
- default: A Boolean indicating if this is a default role assigned to new users.
- permissions: A JSON object defining the specific permissions associated with the role.
Roles can be assigned either directly to Users or to Groups, offering dynamic and adaptable permission management.
Group
Groups are collections of users that simplify the management of permissions. They provide a way to assign roles and permissions to multiple users at once. A Group includes:
- name: The name of the group.
- description: A description of the group’s purpose.
Relationships Between Users, Roles, and Groups
The relationships among Users, Roles, and Groups allow for scalable and flexible access management:
- User and Role: Users can have one or more roles, each granting specific permissions. Default roles may be assigned automatically, while additional roles can be added based on evolving needs.
- User and Group: Users can be part of one or more groups, allowing collective management of roles and permissions. This is especially useful for managing large teams.
- Group and Role: Groups can be assigned roles, ensuring that all members of a group inherit the permissions associated with those roles. Any updates to a group role are automatically applied to all group members.
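As an added example (not code from this page or from the system it describes), the resolution rule above in Python: a user's effective permissions are the union of the permissions of their directly assigned roles and of the roles attached to every group they belong to, computed at check time so that a change to a group's role is immediately visible to all members. The shape of the permissions JSON object ({"resource": ["action", ...]}), the deny-by-default check and the sample data are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    description: str = ""
    default: bool = False          # default roles are given to every new user
    permissions: dict = field(default_factory=dict)  # assumed shape: {"resource": ["action", ...]}

@dataclass
class Group:
    name: str
    description: str = ""
    roles: list = field(default_factory=list)

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)    # roles assigned directly
    groups: list = field(default_factory=list)   # roles inherited via membership

def create_user(name, catalog):
    """New users automatically receive every role flagged default=True."""
    return User(name=name, roles=[r for r in catalog if r.default])

def effective_permissions(user):
    """Union of direct roles and roles inherited through every group.
    Resolved at check time rather than copied onto the user, so an update
    to a group's role is seen by all members immediately."""
    granted = {}
    for role in user.roles + [r for g in user.groups for r in g.roles]:
        for resource, actions in role.permissions.items():
            granted.setdefault(resource, set()).update(actions)
    return granted

def is_allowed(user, resource, action):
    """Deny by default: only an explicitly granted (resource, action) passes."""
    return action in effective_permissions(user).get(resource, set())

def build_demo():
    """Constructed sample data (hypothetical roles, group and users)."""
    viewer = Role("viewer", "Read-only", default=True, permissions={"platform": ["read"]})
    deployer = Role("deployer", "Manage builds", permissions={"build": ["create", "read"]})
    ops = Group("ops", "Operations team", roles=[deployer])
    alice = create_user("alice", [viewer, deployer])
    alice.groups.append(ops)                      # inherits deployer through the group
    bob = create_user("bob", [viewer, deployer])  # default role only, no group
    return alice, bob, deployer
```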
Identity and Authentication Management
The Identity relationship is crucial for handling user authentication and authorization, linking users to their credentials and identity providers.
- Identity attributes:
  - email: The email address associated with the user's identity.
Single Sign-On (SSO) entities streamline the authentication process by connecting users with their identity providers:
- SSO attributes:
  - name: The name of the identity provider.
  - issuer: The entity that issues identity tokens.
  - scopes: The permitted scopes for accessing resources through the identity provider.
User Relationships with Platforms
- Platform: A user can create a Platform, which serves as a deployment environment. This allows users to manage instances and builds related to various products.
Philosophy of User, Group, and Role Management
The system’s design reflects a structured yet adaptable approach to managing access and responsibilities:
- Users: They are at the heart of the access control system, with roles defining their permissions and responsibilities.
- Groups: These facilitate efficient management by applying roles and permissions to multiple users simultaneously.
- Roles: By associating roles with users and groups, the system ensures that permissions are consistently applied and responsibilities are clearly defined.
This framework enables effective management of both individual and collective access needs, keeping user permissions aligned with roles and responsibilities. By integrating Identities and SSO, it provides secure authentication and consistent access control across the platform.