ARK2/Security
From ARK
Security
ARK2 uses the Symfony Security component. ARK2 extends this component with its own User Provider and Role-Based Access Control to manage user rights within an ARK.
- User Authentication
  - Token-based
  - Local user database for stand-alone/internal use
  - Distributed via OAuth and OpenID authentication services (Google, Facebook, etc.)
- User Authorisation
  - Role-Based Access Control (RBAC) model based on Users/Roles/Permissions
HTTPS is required and is supported using Let's Encrypt to obtain SSL certificates.
User Status
The User account has the following possible statuses:
- Registered - The user has registered with the website but not yet verified their email (if required)
- Verified - The user has responded to the email verification but not yet been enabled by the admin (if required)
- Enabled - The user is enabled to use the website
- Disabled - The user has been disabled by the admin and cannot log in or reset their account
- Locked - The user has failed the password check and must reset their password, or the admin has required them to reset their password
- Expired - The expiry date for the account has passed and the account must be extended by the admin
User Levels
ARK User Levels are a renaming of Symfony Security component Roles to prevent confusion with ARK RBAC Roles:
- ROLE_SYSADMIN - System Admin - Admin rights for the system install (configuration, etc.)
- ROLE_ADMIN - ARK Admin - Admin rights for an ARK website instance.
- ROLE_USER - General user rights for any other role within an ARK.
- ROLE_ANON - Anonymous User
RBAC Model
- Permission - A specific right that may be granted to view data or perform an action within the system
- Actor - A persistent entity who can view data or perform actions within the system
- Role - A set of Permissions that can be assigned to an Actor
- User - A security account for logging into the system that can be linked to one or more Actors
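To make the relationship between these four entities and the account statuses above concrete, here is an added Python sketch; it is not ARK2's own code (ARK2 is PHP on Symfony). A User's effective permissions are the union over the Roles of every Actor linked to it, and a User whose status is anything other than Enabled is granted nothing. The permission names and sample users are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class UserStatus(Enum):  # the six account statuses listed on this page
    REGISTERED = "registered"
    VERIFIED = "verified"
    ENABLED = "enabled"
    DISABLED = "disabled"
    LOCKED = "locked"
    EXPIRED = "expired"


@dataclass(frozen=True)
class Permission:
    name: str               # a specific right, e.g. "item.view" (constructed name)


@dataclass
class Role:
    name: str
    permissions: frozenset  # the set of Permissions this Role grants


@dataclass
class Actor:
    name: str
    roles: list             # Roles assigned to this Actor


@dataclass
class User:
    username: str
    status: UserStatus
    actors: list            # one or more Actors linked to this security account


def can_login(user: User) -> bool:
    """Only an Enabled account may authenticate; every other status is refused."""
    return user.status is UserStatus.ENABLED


def effective_permissions(user: User) -> set:
    """Union of the Permissions of every Role of every Actor linked to the User."""
    return {p for actor in user.actors for role in actor.roles for p in role.permissions}


def is_granted(user: User, permission: Permission) -> bool:
    """Authorisation check: status gate first, then RBAC lookup."""
    return can_login(user) and permission in effective_permissions(user)


# Constructed sample data, not taken from any real ARK instance.
VIEW, EDIT, MANAGE = Permission("item.view"), Permission("item.edit"), Permission("user.manage")
VIEWER = Role("viewer", frozenset({VIEW}))
EDITOR = Role("editor", frozenset({VIEW, EDIT}))
ALICE = User("alice", UserStatus.ENABLED, [Actor("alice@site1", [VIEWER]), Actor("alice@site2", [EDITOR])])
BOB = User("bob", UserStatus.LOCKED, [Actor("bob@site1", [EDITOR])])
```

Note that BOB's Actor still carries the editor Role; the status gate in is_granted is what stops a Locked account from exercising it.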