User role management #180

Open
lolski opened this issue Nov 2, 2021 · 0 comments
lolski commented Nov 2, 2021

Implement user role management commands supporting the following functionalities:

  1. Role CRUD
  2. Assigning a role to a user

Role

> role create <role-name> [<privilege>, ...]
role created.

> role delete <role-name>

> role get <role-name> permission set [<privilege>, ...]
> role get <role-name> permission add <privilege>
> role get <role-name> permission remove <privilege>
role updated.

> role list
+-----+---------------+-------------------------+
| no. | name          | privileges              |
+-----+---------------+-------------------------+
| 1.  | admin         | user:create             |
|     |               | user:list               |
|     |               | user:delete             |
|     |               | database:create         |
|     |               | database:list           |
|     |               | database:delete         |
|     |               | access:*:*:*            |
| 2.  | role1         | access:db1:*            |
|     |               | access:db2:data:read    |
| 3.  | role2         | access:db2:*            |
+-----+---------------+-------------------------+

Privileges

- user:create
- user:list
- user:delete
- database:create
- database:list
- database:delete
- access:*:schema:write
- access:*:schema:read
- access:*:data:write
- access:*:data:read

Access

  1. schema:write:
    • implies schema:read
  2. schema:read
  3. data:write:
    • implies schema:read
    • implies data:read
  4. data:read:
    • implies schema:read

Wildcard

  1. user:*
  2. access:*:*:*
  3. access:*:data:read

User

> user list
+-----+--------+-----------------+
| no. | name   | role            |
+-----+--------+-----------------+
| 1.  | admin  | admin           |
| 2.  | user1  | role1           |
| 3.  | user2  | role1           |
| 4.  |        | role2           |
+-----+--------+-----------------+
@lolski lolski added this to the TypeDB Cluster Authorisation milestone Nov 2, 2021
@lolski lolski self-assigned this Nov 2, 2021
@lolski lolski changed the title Authorisation framework User authorisation Nov 2, 2021
@lolski lolski changed the title User authorisation User role management Nov 2, 2021
@haikalpribadi haikalpribadi removed this from the TypeDB Cluster Authorisation milestone Jun 14, 2022
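The "Access" implication rules and the wildcard forms proposed in the issue, worked through as an added example (not code from the issue or from the project). The function names are hypothetical, and it assumes that a trailing `*` in a shorter privilege such as `access:db1:*` covers all remaining segments, which the issue does not state explicitly.

```python
# Added example: evaluates the privilege strings proposed in this issue.
# Implication table copied from the issue's "Access" list.
IMPLIES = {
    ("schema", "write"): {("schema", "read")},
    ("schema", "read"): set(),
    ("data", "write"): {("schema", "read"), ("data", "read")},
    ("data", "read"): {("schema", "read")},
}

# Roles copied from the issue's `role list` table.
ROLES = {
    "admin": ["user:create", "user:list", "user:delete", "database:create",
              "database:list", "database:delete", "access:*:*:*"],
    "role1": ["access:db1:*", "access:db2:data:read"],
    "role2": ["access:db2:*"],
}

def _match(pattern, wanted):
    """Segment-wise match where '*' matches any single segment."""
    # Assumption: a trailing '*' in a shorter pattern (access:db1:*) covers
    # every remaining segment.
    if pattern[-1] == "*" and len(pattern) < len(wanted):
        pattern = pattern + ["*"] * (len(wanted) - len(pattern))
    return len(pattern) == len(wanted) and all(
        p in ("*", w) for p, w in zip(pattern, wanted))

def grants(granted, requested):
    """True if one granted privilege covers a concrete requested privilege."""
    g, r = granted.split(":"), requested.split(":")
    if "*" in r:
        raise ValueError("requested privilege must be concrete")
    if _match(g, r):
        return True
    if r[0] != "access" or len(r) != 4 or g[0] != "access":
        return False
    # Try every concrete (kind, op) the grant covers on this database and
    # check whether it implies the requested (kind, op).
    return any(_match(g, ["access", r[1], kind, op]) and (r[2], r[3]) in implied
               for (kind, op), implied in IMPLIES.items())

def is_allowed(role, requested):
    """Deny by default: unknown roles and unmatched privileges return False."""
    return any(grants(p, requested) for p in ROLES.get(role, []))
```

Under these rules `role1` can read the schema of `db2` only because `data:read` implies `schema:read`; it cannot write data or schema there.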