Latest revision as of 10:11, 9 April 2018

Security

ARK2 uses the Symfony Security component. ARK2 extends this component with its own User Provider and Role-Based Access Control to manage user rights within an ARK.

• User Authentication
  • Token-based
  • Local user database for stand-alone/internal use
  • Distributed Via OAuth and OpenID authentication services (Google, Facebook, etc)

• User Authorisation
  • Role-Based Access Control (RBAC) model based on Users/Roles/Permissions

HTTPS is required and is supported using LetsEncrypt to obtain SSL certificates.

User Status

The User account has the following possible statuses:

• Registered - The user has registered with the website but not yet verified their email (if required)
• Verified - The user has responded to the email verification but not yet been enabled by the admin (if required)
• Enabled - The user is enabled to use the website
• Disabled - The user has been disabled by the admin and cannot login or reset their account
• Locked - The user has failed the password check and must reset their password, or the admin has required them to reset their password
• Expired - The expiry date for the account has passed and must be extended by the admin

User Levels

ARK User Levels are a renaming of Symfony Security module Roles to prevent confusion with ARK RBAC Roles:

• ROLE_SYSADMIN - System Admin - Admin rights for an ARK system install.
• ROLE_ADMIN - ARK Admin - Admin rights for an ARK instance.
• ROLE_USER - General user rights for any other role within an ARK instance.
• ROLE_ANON - Anonymous users.

RBAC Model

• Permission - A specific right that may be granted to view data or perform an action within the system
• Actor - A persistent entity who can view data or perform actions within the system
• Role - A set of Permissions that can be assigned to an Actor
• User - A security account for logging into the system that can be linked to one or more Actors