Difference between revisions of "ARK2/Security"
From ARK
(→RBAC Model) |
(→User Levels) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
= Security = | = Security = | ||
− | + | ARK2 uses the Symfony Security component. ARK2 extends this component with its own User Provider and Role-Based Access Control to manage user rights within an ARK. | |
− | |||
* User Authentication | * User Authentication | ||
** Token-based | ** Token-based | ||
** Local user database for stand-alone/internal use | ** Local user database for stand-alone/internal use | ||
− | ** Via OAuth and OpenID authentication services (Google, Facebook, etc) | + | ** Distributed Via OAuth and OpenID authentication services (Google, Facebook, etc) |
+ | |||
+ | |||
* User Authorisation | * User Authorisation | ||
** Role-Based Access Control (RBAC) model based on Users/Roles/Permissions | ** Role-Based Access Control (RBAC) model based on Users/Roles/Permissions | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | HTTPS is required and is supported using LetsEncrypt to obtain SSL certificates. | |
− | |||
− | |||
− | |||
− | |||
− | + | === User Status === | |
− | + | The User account has the following possible statuses: | |
− | |||
− | |||
− | |||
− | + | * Registered - The user has registered with the website but not yet verified their email (if required) | |
− | * | + | * Verified - The user has responded to the email verification but not yet been enabled by the admin (if required) |
− | * | + | * Enabled - The user is enabled to use the website |
− | * | + | * Disabled - The user has been disabled by the admin and cannot login or reset their account |
− | * | + | * Locked - The user has failed the password check and must reset their password, or the admin has required them to reset their password |
− | * | + | * Expired - The expiry date for the account has passed and must be extended by the admin |
− | |||
− | * | ||
− | + | === User Levels === | |
− | |||
− | |||
− | |||
− | |||
− | + | ARK User Levels are a renaming of Symfony Security module Roles to prevent confusion with ARK RBAC Roles: | |
− | |||
− | + | * ROLE_SYSADMIN - System Admin - Admin rights for an ARK system install. | |
− | * System Admin - Admin rights for system install | + | * ROLE_ADMIN - ARK Admin - Admin rights for an ARK instance. |
− | * ARK Admin - Admin rights for ARK instance | + | * ROLE_USER - General user rights for any other role within an ARK instance. |
− | * | + | * ROLE_ANON - Anonymous users. |
− | * | ||
− | |||
== RBAC Model == | == RBAC Model == | ||
− | * | + | * Permission - A specific right that may be granted to view data or perform an action within the system |
− | * | + | * Actor - A persistent entity who can view data or perform actions within the system |
− | * | + | * Role - A set of Permissions that can be assigned to an Actor |
− | + | * User - A security account for logging into the system that can be linked to one or more Actors |
Latest revision as of 10:11, 9 April 2018
Security
ARK2 uses the Symfony Security component. ARK2 extends this component with its own User Provider and Role-Based Access Control to manage user rights within an ARK.
- User Authentication
- Token-based
- Local user database for stand-alone/internal use
- Distributed Via OAuth and OpenID authentication services (Google, Facebook, etc)
- User Authorisation
- Role-Based Access Control (RBAC) model based on Users/Roles/Permissions
HTTPS is required and is supported using LetsEncrypt to obtain SSL certificates.
User Status
The User account has the following possible statuses:
- Registered - The user has registered with the website but not yet verified their email (if required)
- Verified - The user has responded to the email verification but not yet been enabled by the admin (if required)
- Enabled - The user is enabled to use the website
- Disabled - The user has been disabled by the admin and cannot login or reset their account
- Locked - The user has failed the password check and must reset their password, or the admin has required them to reset their password
- Expired - The expiry date for the account has passed and must be extended by the admin
User Levels
ARK User Levels are a renaming of Symfony Security module Roles to prevent confusion with ARK RBAC Roles:
- ROLE_SYSADMIN - System Admin - Admin rights for an ARK system install.
- ROLE_ADMIN - ARK Admin - Admin rights for an ARK instance.
- ROLE_USER - General user rights for any other role within an ARK instance.
- ROLE_ANON - Anonymous users.
RBAC Model
- Permission - A specific right that may be granted to view data or perform an action within the system
- Actor - A persistent entity who can view data or perform actions within the system
- Role - A set of Permissions that can be assigned to an Actor
- User - A security account for logging into the system that can be linked to one or more Actors