Permission Settings

Felix Bröhl edited this page Jun 18, 2020 · 12 revisions

To protect datasets from being read, manipulated or deleted by unauthorized persons, permission settings can be appended to each dataset. There are separate permissions for each CRUD operation (get, set and/or del). To make authentication easy, multiple login methods can be configured.

Basic Structure

The permissions are set by appending the following basic structure to each dataset that should be protected:

"_": {
    "creator": "astudi2s",
    "realm": "hbrsinfkaul",
    "access": {
        "get": "all",
        "set": "creator",
        "del": "creator"
    }
}

First, groups are defined, such as creator. The realm defines the login method that should be used for authentication. The access block defines which group has access to the get, set or del methods. If the currently logged-in user should get access, %user% can be used for this. The group all can be used when access for all users is intended.

Permission for multiple groups

In some cases multiple groups should be added to an operation for setting permissions.

'_': {
    creator: 'john',
    realm: 'guest',
    group: {
        abc: [ 'john', 'jane' ],
        xyz: [ 'foo', 'bar', '%user%' ]
    },
    access: {
        get: 'abc',
        set: [ 'abc', 'xyz' ],
        del: 'creator'
    }
}

In this example the group abc gets permission for getting data. The groups abc and xyz are allowed to set (create or update) datasets. Only the currently logged-in user is allowed to delete the dataset.

Permission for only one group

In some cases only one group should be added to an operation for setting permissions.

'_': {
    creator: 'john',
    realm: 'guest',
    group: [ 'john', 'jane' ],
    access: {
        get: 'all',
        set: 'group',
        del: 'group'
    }
}

In this example everybody gets permission for getting data. The defined group is allowed to set (create or update) and delete datasets.

Permission for a realm

In some cases all users of a realm should be added to an operation for setting permissions.

'_': {
    creator: 'john',
    realm: 'cloud',
    access: {
        get: 'all',
        set: 'realm',
        del: 'realm'
    }
}

In this example everybody gets permission for getting data. The defined realm is allowed to set (create or update) and delete datasets.
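
The rules from the sections above (creator, all, realm, a single group, named groups and %user%) written as a default-deny check. This is an added example, not the project's own code: the function names and the shape of the user object ({ name, realm }) are assumptions, and time-dependent access lists are refused rather than evaluated.

```javascript
// Added example, not the project's code. Assumption: `user` is
// { name, realm } after a successful login, or null when anonymous.

// Does a single rule name from the access block match this user?
function ruleMatches(rule, perm, user) {
  if (rule === 'all') return true;                       // everybody, even anonymous
  if (!user || user.realm !== perm.realm) return false;  // no login, or wrong realm
  // Assumption: '%user%' used directly as a rule means any logged-in user.
  if (rule === 'realm' || rule === '%user%') return true;
  if (rule === 'creator') return user.name === perm.creator;
  // 'group' names a single member list; any other name is a named group.
  const list = Array.isArray(perm.group)
    ? (rule === 'group' ? perm.group : null)
    : perm.group && perm.group[rule];
  if (!Array.isArray(list)) return false;                // unknown group: deny
  return list.includes(user.name) || list.includes('%user%');
}

// op is 'get', 'set' or 'del'; anything not explicitly granted is refused.
function isAllowed(dataset, user, op) {
  const perm = dataset._;
  if (!perm) return true;            // assumption: no "_" block means unprotected
  if (!['get', 'set', 'del'].includes(op)) return false;
  const access = perm.access;
  // Missing block, or the time-dependent list form (not evaluated here): deny.
  if (!access || typeof access !== 'object' || Array.isArray(access)) return false;
  const rules = access[op] === undefined ? [] : [].concat(access[op]);
  return rules.some(r => typeof r === 'string' && ruleMatches(r, perm, user));
}

// Constructed sample, modelled on the multiple-groups example.
const sample = {
  text: 'demo',
  _: {
    creator: 'john',
    realm: 'guest',
    group: { abc: ['john', 'jane'], xyz: ['foo', 'bar'] },
    access: { get: 'abc', set: ['abc', 'xyz'], del: 'creator' }
  }
};

console.log(isAllowed(sample, { name: 'foo', realm: 'guest' }, 'set'));  // true
console.log(isAllowed(sample, { name: 'john', realm: 'cloud' }, 'del')); // false
```

The second call is refused because the user name matches the creator but the login came from a different realm than the one the dataset names.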

Time-Depending Permission

In some cases permissions are only meaningful depending on the current time. For example, permission should only be granted for a period of time. After this time the permission should be refused. The following code example illustrates how time-dependent permissions are set.

'_': {
    creator: 'john',
    realm: 'guest',
    group: {
        abc: [ 'john', 'jane' ],
        xyz: [ 'foo', 'bar' ]
    },
    access: [
        [ '2018-03-12', 'creator' ],
        [ '2018-03-17', {
            get: 'abc',
            set: [ 'abc', 'xyz' ],
            del: 'creator'
        }],
        [ '2018-03-22', 'all' ]
    ]
}