ARK2/Security


Security

ARK2 uses the Symfony Security component. ARK2 extends this component with its own User Provider and Role-Based Access Control to manage user rights within an ARK.

  • User Authentication
    • Token-based
    • Local user database for stand-alone/internal use
    • Distributed via OAuth and OpenID authentication services (Google, Facebook, etc.)
  • User Authorisation
    • Role-Based Access Control (RBAC) model based on Users/Roles/Permissions

HTTPS is required; Let's Encrypt is supported for obtaining the SSL/TLS certificates.

User Status

The User account has the following possible statuses:

  • Registered - The user has registered with the website but has not yet verified their email (if required)
  • Verified - The user has responded to the email verification but has not yet been enabled by the admin (if required)
  • Enabled - The user is enabled to use the website
  • Disabled - The user has been disabled by the admin and cannot log in or reset their account
  • Locked - The user has failed the password check, or the admin has required a password reset; the user must reset their password before logging in again
  • Expired - The account's expiry date has passed; the admin must extend it before the account can be used

User Levels

ARK User Levels are Symfony Security component Roles renamed to avoid confusion with ARK RBAC Roles:

  • ROLE_SYSADMIN - System Admin - Admin rights for an ARK system install.
  • ROLE_ADMIN - ARK Admin - Admin rights for an ARK instance.
  • ROLE_USER - General user rights for any other role within an ARK instance.
  • ROLE_ANON - Anonymous users.

RBAC Model

  • Permission - A specific right that may be granted to view data or perform an action within the system
  • Actor - A persistent entity who can view data or perform actions within the system
  • Role - A set of Permissions that can be assigned to an Actor
  • User - A security account for logging into the system that can be linked to one or more Actors
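The following PHP sketch shows how the User Status list and the RBAC model above fit together in an access check: a User is linked to one or more Actors, each Actor holds Roles, each Role carries Permissions, and only an Enabled account may exercise any of them. This is an added illustration, not ARK2's own code; the class names, the `isGranted()` method and the sample permissions are assumptions for the example.

```php
<?php
declare(strict_types=1);
// Added example of the ARK2 RBAC model; class and method names are assumed, not ARK2's API.

final class Role {
    /** @param string[] $permissions */
    public function __construct(public readonly string $name, public readonly array $permissions) {}
}

final class Actor {
    /** @param Role[] $roles */
    public function __construct(public readonly string $id, public readonly array $roles) {}
}

final class User {
    /** @param Actor[] $actors  @param string $status one of the User Status values listed above */
    public function __construct(
        public readonly string $username,
        public readonly string $status,
        public readonly array $actors,
    ) {}
}

final class AccessChecker {
    // Only an Enabled account may exercise a permission. Registered/Verified accounts are still
    // awaiting approval; Disabled, Locked and Expired accounts need admin or reset action first.
    public function isGranted(User $user, string $permission): bool {
        if ($user->status !== 'Enabled') {
            return false;
        }
        // The effective permission set is the union over every Role of every linked Actor.
        foreach ($user->actors as $actor) {
            foreach ($actor->roles as $role) {
                if (in_array($permission, $role->permissions, true)) {
                    return true;
                }
            }
        }
        return false;
    }
}

// Constructed sample data: two roles, one user linked to two actors, one locked user.
$editor  = new Role('editor', ['item.view', 'item.edit']);
$viewer  = new Role('viewer', ['item.view']);
$alice   = new User('alice', 'Enabled', [new Actor('actor-1', [$viewer]), new Actor('actor-2', [$editor])]);
$bob     = new User('bob', 'Locked', [new Actor('actor-3', [$editor])]);
$checker = new AccessChecker();
var_dump($checker->isGranted($alice, 'item.edit'));   // granted only if some linked Actor's Role carries it
var_dump($checker->isGranted($bob, 'item.edit'));     // a Locked account is refused regardless of its Roles
var_dump($checker->isGranted($alice, 'item.delete')); // a permission no linked Role carries
```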