Task: RBAC - Role Definition #2697

Open
kbeaugrand opened this issue Dec 12, 2023 · 1 comment

kbeaugrand commented Dec 12, 2023

Story: #2694

Description
Create a list of specific roles needed in the system (e.g., admin, user, manager, etc.).
Define the permissions associated with each role based on gathered requirements and associated hierarchical scopes.

TLeoDev commented Dec 14, 2023

Role Definition Documentation

Story Reference

Introduction

This document lists and defines the specific roles needed in our system, along with their associated permissions. These roles have been designed based on our system requirements and the hierarchical scopes within which they will operate.

List of the actions and their corresponding APIs, with descriptions:

Group Management:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| GetAllGroups | Retrieves all groups | GET | `/api/groups` |
| GetGroupDetails | Retrieves details for a specific group | GET | `/api/groups/{groupId}` |
| CreateGroup | Creates a new group | POST | `/api/groups` |
| UpdateGroup | Updates an existing group | PUT | `/api/groups/{groupId}` |
| DeleteGroup | Deletes a group | DELETE | `/api/groups/{groupId}` |
| GetGroupAvatar | Gets the avatar for a group | GET | `/api/groups/{groupId}/avatar` |
| UpdateGroupAvatar | Updates the avatar for a group | PUT | `/api/groups/{groupId}/avatar` |
| DeleteGroupAvatar | Deletes the avatar for a group | DELETE | `/api/groups/{groupId}/avatar` |

Group Member Management:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| GetGroupMembers | Retrieves all members of a specific group | GET | `/api/groups/{groupId}/members` |
| AddGroupMembers | Adds members to a group | POST | `/api/groups/{groupId}/members/add` |
| RemoveGroupMembers | Removes members from a group | DELETE | `/api/groups/{groupId}/members/remove` |

Role Management:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| GetAllRoles | Retrieves all roles | GET | `/api/roles` |
| GetRoleDetails | Retrieves details for a specific role | GET | `/api/roles/{roleId}` |
| CreateRole | Creates a new role | POST | `/api/roles` |
| UpdateRole | Updates an existing role | PUT | `/api/roles/{roleId}` |
| DeleteRole | Deletes a role | DELETE | `/api/roles/{roleId}` |
| GetRoleAvatar | Gets the avatar for a role | GET | `/api/roles/{roleId}/avatar` |
| UpdateRoleAvatar | Updates the avatar for a role | POST | `/api/roles/{roleId}/avatar` |
| DeleteRoleAvatar | Deletes the avatar for a role | DELETE | `/api/roles/{roleId}/avatar` |

AccessControl Management:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| GetAccessControls | Retrieves access controls for a specific scope | GET | `/api/accesscontrols/{scope}` |
| AddAccessControl | Adds an access control to a scope | POST | `/api/accesscontrols/{scope}/add` |
| RemoveAccessControl | Removes an access control from a scope | DELETE | `/api/accesscontrols/{scope}/remove` |
| EditAccessControl | Edits an existing access control | PUT | `/api/accesscontrols/{scope}/edit` |
| GetHierarchicalScopes | Retrieves the hierarchy of scopes | GET | `/api/scopes/hierarchical` |
| CreateHierarchicalScope | Creates a new hierarchical scope | POST | `/api/scopes/hierarchical/create` |
| UpdateHierarchicalScope | Updates an existing hierarchical scope | PUT | `/api/scopes/hierarchical/update` |
| DeleteHierarchicalScope | Deletes a hierarchical scope | DELETE | `/api/scopes/hierarchical/delete` |

Admin APIs:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| ExportDevices | Exports a list of devices from the portal | POST | `/api/admin/devices/_export` |
| ImportDevices | Imports a list of devices to the portal | POST | `/api/admin/devices/_import` |
| DownloadDeviceTemplate | Downloads a template file to import devices | POST | `/api/admin/devices/_template` |

Metrics:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| GetPortalMetrics | Gets the portal metrics | GET | `/api/dashboard/metrics` |

IoT Devices:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| GetAllDeviceConfigurations | Gets all device configurations | GET | `/api/device-configurations` |
| CreateDeviceConfiguration | Creates a device configuration | POST | `/api/device-configurations` |
| GetDeviceConfiguration | Gets a specific device configuration | GET | `/api/device-configurations/{configurationId}` |
| UpdateDeviceConfiguration | Updates a device configuration | PUT | `/api/device-configurations/{configurationId}` |
| DeleteDeviceConfiguration | Delete a device configuration | DELETE | `/api/device-configurations/{configurationId}` |
| GeAlltDeviceConfigurationMetrics | Gets all the metrics from a device configuration | GET | `/api/device-configurations/{configurationId}/metrics` |
| GetAllDevices | Gets all the devices | GET | `/api/devices` |
| CreateDevice | Creates a device | POST | `/api/devices` |
| UpdateDevice | Updates a device | PUT | `/api/devices` |
| GetDeviceDetails | Gets a specific device | GET | `/api/devices/{deviceID}` |
| DeleteDevice | Deletes a device | DELETE | `/api/devices/{deviceID}` |
| GetDeviceCredentials | Gets the device credentials | GET | `/api/devices/{deviceID}/credentials` |
| GetDeviceProperties | Gets the device properties | GET | `/api/devices/{deviceID}/properties` |
| CreateDeviceProperties | Set the device properties | POST | `/api/devices/{deviceID}/properties` |
| GetAllAvailableDeviceLabels | Get all the available labels | GET | `/api/devices/available-labels` |

IoT EdgeDevices:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| GetAllEdgeDevices | Gets the IoT Edge device list | GET | `/api/edge/devices` |
| CreateEdgeDevice | Creates the IoT Edge device | POST | `/api/edge/devices` |
| GetEdgeDevice | Gets the specified device | GET | `/api/edge/devices/{deviceId}` |
| UpdateEdgeDevice | Updates the device | PUT | `/api/edge/devices/{deviceId}` |
| DeleteEdgeDevice | Deletes the device | DELETE | `/api/edge/devices/{deviceId}` |
| ExecuteEdgeModuleMethod | Executes the module method on the IoT Edge device. | POST | `/api/edge/devices/{deviceId}/{moduleName}/{methodName}` |
| GetEdgeDeviceCredentials | Gets the IoT Edge device enrollment credentials | GET | `/api/edge/devices/{deviceId}/credentials` |
| GetEdgeDeviceEnrollmentScriptUrl | Gets the IoT Edge device enrollment script URL | GET | `/api/edge/devices/{deviceId}/enrollementScript/{templateName}` |
| GetEdgeDeviceLogs | Execute a GetModuleLogs method on the device | POST | `/api/edge/devices/{deviceId}/logs` |
| GetAllAvailableEdgeDeviceLabels | Get all the available edge devices labels | GET | `/api/edge/devices/available-labels` |
| GetEdgeDeviceEnrollmentScript | Gets the device enrollment script | GET | `/api/edge/devices/enroll` |

IoT Edge Devices Models:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| GetAllEdgeModel | Gets all the edge device models | GET | `/api/edge/models` |
| CreateEdgeModel | Creates an edge device model | POST | `/api/edge/models` |
| UpdateEdgeModel | Updates an edge device model | PUT | `/api/edge/models` |
| GetEdgeModel | Gets an edge device model | GET | `/api/edge/models/{edgeModelId}` |
| DeleteEdgeModel | Deletes an edge device model | DELETE | `/api/edge/models/{edgeModelId}` |
| GetEdgeModelAvatar | Gets an edge device model avatar | GET | `/api/edge/models/{edgeModelId}/avatar` |
| UpdateEdgeModelAvatar | Update an edge device model avatar | POST | `/api/edge/models/{edgeModelId}/avatar` |
| DeleteEdgeModelAvatar | Deletes an edge device model avatar | DELETE | `/api/edge/models/{edgeModelId}/avatar` |
| GetPublicEdgeModules | Get all public edge device modules | GET | `/api/edge/models/public-modules` |

Ideas:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| SumitIdea | Sends an idea to the IoT Hub Portal community | POST | `/api/ideas` |

LoRaWAN:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| GetAllConcentrators | Gets all concentrators | GET | `/api/lorawan/concentrators` |
| CreateConcentrator | Creates a concentrator | POST | `/api/lorawan/concentrators` |
| UpdateConcentrator | Updates a concentrator | PUT | `/api/lorawan/concentrators` |
| GetConcentrator | Gets a concentrator | GET | `/api/lorawan/concentrators/{deviceId}` |
| DeleteConcentrator | Deletes a concentrator | DELETE | `/api/lorawan/concentrators/{deviceId}` |
| GetAllLorawanDevices | Gets all the LoRaWAN devices | GET | `/api/lorawan/devices` |
| CreateLorawanDevice | Creates a LoRaWAN device | POST | `/api/lorawan/devices` |
| UpdateLorawanDevice | Updates a LoRaWAN device | PUT | `/api/lorawan/devices` |
| GetLorawanDevice | Gets a LoRaWAN device | GET | `/api/lorawan/devices/{deviceID}` |
| DeleteLorawanDevice | Deletes a LoRaWAN device | DELETE | `/api/lorawan/devices/{deviceID}` |
| ExecuteLorawanDeviceCommand | Executes the command on the LoRaWAN device | POST | `/api/lorawan/devices/{deviceId}/_command/{commandId}` |
| GetLorwanDeviceTelemetry | Gets the LoRaWAN device telemetry | GET | `/api/lorawan/devices/{deviceId}/telemetry` |
| GetAvailableLorawanDeviceLabels | Gets all the available labels for LoRaWAN devices | GET | `/api/lorawan/devices/available-labels` |
| GetLorawanDeviceGateways | Gets the LoRaWAN device gateways | GET | `/api/lorawan/devices/gateways` |
| GetFrequencyPlans | Get the LoRaWAN device supported frequency plans | GET | `/api/lorawan/freqencyplans` |
| GetAllLorawanDeviceModels | Gets all the LoRaWAN device models | GET | `/api/lorawan/models` |
| CreateLorawanDeviceModel | Creates a LoRaWAN device model | POST | `/api/lorawan/models` |
| GetLorawanDeviceModel | Get a LoRaWAN device model | GET | `/api/lorawan/models/{id}` |
| UpdateLorawanDeviceModel | Updates a LoRaWAN device model | PUT | `/api/lorawan/models/{id}` |
| DeleteLorawanDeviceModel | Deletes a LoRaWAN device model | DELETE | `/api/lorawan/models/{id}` |
| GetLorawanDeviceModelAvatar | Gets a LoRaWAN device model avatar | GET | `/api/lorawan/models/{id}/avatar` |
| UpdateLorawanDeviceModelAvatar | Update a LoRaWAN device model avatar | POST | `/api/lorawan/models/{id}/avatar` |
| DeleteLorawanDeviceModelAvatar | Deletes a LoRaWAN device model avatar | DELETE | `/api/lorawan/models/{id}/avatar` |
| UpdateLorawanDeviceModelCommands | Updates the LoRaWAN device model's commands | POST | `/api/lorawan/models/{id}/commands` |
| GetLorawanDeviceModelCommands | Gets the LoRaWAN device model's commands | GET | `/api/lorawan/models/{id}/commands` |

Device Models

| Name of Action | Description | API method | API string |
|---|---|---|---|
| GetAllDeviceModels | Gets all device models | GET | `/api/models` |
| CreateDeviceModel | Creates a device model | POST | `/api/models` |
| GetDeviceModel | Get a device model | GET | `/api/models/{id}` |
| UpdateDeviceModel | Updates a device model | PUT | `/api/models/{id}` |
| DeleteDeviceModel | Deletes a device model | DELETE | `/api/models/{id}` |
| GetDeviceModelAvatar | Get a device model avatar | GET | `/api/models/{id}/avatar` |
| UpdateDeviceModelAvatar | Updates a device model avatar | POST | `/api/models/{id}/avatar` |
| DeleteDeviceModelAvatar | Deletes a device model avatar | DELETE | `/api/models/{id}/avatar` |
| GetDeviceModelProperties | Gets the device model properties | GET | `/api/models/{id}/properties` |
| SetDeviceModelProperties | Sets the device model properties | POST | `/api/models/{id}/properties` |

Portal Settings:

| Name of Action | Description | API method | API string |
|---|---|---|---|
| UpdateDeviceTagSettings | Updates the device tag settings used in the application | POST | `/api/settings/device-tags` |
| GetAllDeviceTagSettings | Gets the device tag settings used in the application | GET | `/api/settings/device-tags` |
| CreateOrUpdateDeviceTag | Creates or updates a device tag | PATCH | `/api/settings/device-tags` |
| DeleteDeviceTagByName | Deletes a device tag by name | DELETE | `/api/settings/device-tags/{deviceTagName}` |
| GetOIDCSettings | Gets the Open ID settings | GET | `/api/settings/device-tags/{deviceTagName}` |
| GetPortalSettings | Gets the portal settings | GET | `/api/settings/portal` |

Our Predefined Roles for RBAC :

SuperAdministrator

Description: Has full control over the system and can manage all aspects of the application.

  • Actions :
    • GetAllGroups
    • CreateGroup
    • UpdateGroup
    • DeleteGroup
    • GetGroupDetails
    • AddGroupMembers
    • RemoveGroupMembers
    • GetAllRoles
    • CreateRole
    • UpdateRole
    • DeleteRole
    • GetRoleDetails
    • GetAccessControls
    • AddAccessControl
    • RemoveAccessControl
    • EditAccessControl
    • GetHierarchicalScopes
    • CreateHierarchicalScope
    • UpdateHierarchicalScope
    • DeleteHierarchicalScope
    • ExportDevices
    • ImportDevices
    • DownloadDeviceTemplate
    • GetPortalMetrics
    • GetAllDeviceConfigurations
    • CreateDeviceConfiguration
    • UpdateDeviceConfiguration
    • DeleteDeviceConfiguration
    • GeAlltDeviceConfigurationMetrics
    • GetAllDevices
    • CreateDevice
    • UpdateDevice
    • DeleteDevice
    • GetDeviceDetails
    • GetDeviceCredentials
    • GetDeviceProperties
    • CreateDeviceProperties
    • GetAllAvailableDeviceLabels
    • GetAllEdgeDevices
    • CreateEdgeDevice
    • UpdateEdgeDevice
    • DeleteEdgeDevice
    • ExecuteEdgeModuleMethod
    • GetEdgeDeviceCredentials
    • GetEdgeDeviceEnrollmentScriptUrl
    • GetEdgeDeviceLogs
    • GetAllAvailableEdgeDeviceLabels
    • GetEdgeDeviceEnrollmentScript
    • GetAllEdgeModel
    • CreateEdgeModel
    • UpdateEdgeModel
    • DeleteEdgeModel
    • GetEdgeModel
    • GetEdgeModelAvatar
    • UpdateEdgeModelAvatar
    • DeleteEdgeModelAvatar
    • GetPublicEdgeModules
    • SumitIdea
    • GetAllConcentrators
    • CreateConcentrator
    • UpdateConcentrator
    • DeleteConcentrator
    • GetConcentrator
    • GetAllLorawanDevices
    • CreateLorawanDevice
    • UpdateLorawanDevice
    • DeleteLorawanDevice
    • ExecuteLorawanDeviceCommand
    • GetLorwanDeviceTelemetry
    • GetAvailableLorawanDeviceLabels
    • GetLorawanDeviceGateways
    • GetFrequencyPlans
    • GetAllLorawanDeviceModels
    • CreateLorawanDeviceModel
    • UpdateLorawanDeviceModel
    • DeleteLorawanDeviceModel
    • GetLorawanDeviceModelAvatar
    • UpdateLorawanDeviceModelAvatar
    • DeleteLorawanDeviceModelAvatar
    • UpdateLorawanDeviceModelCommands
    • GetLorawanDeviceModelCommands
    • GetAllDeviceModels
    • CreateDeviceModel
    • UpdateDeviceModel
    • DeleteDeviceModel
    • GetDeviceModel
    • GetDeviceModelAvatar
    • UpdateDeviceModelAvatar
    • DeleteDeviceModelAvatar
    • GetDeviceModelProperties
    • SetDeviceModelProperties
    • UpdateDeviceTagSettings
    • GetAllDeviceTagSettings
    • CreateOrUpdateDeviceTag
    • DeleteDeviceTagByName
    • GetOIDCSettings
    • GetPortalSettings

DeviceManager

Description: Manages device configurations, properties, and can update device information.

  • Actions :
    • GetAllDeviceConfigurations
    • CreateDeviceConfiguration
    • UpdateDeviceConfiguration
    • DeleteDeviceConfiguration
    • GeAlltDeviceConfigurationMetrics
    • GetAllDevices
    • CreateDevice
    • UpdateDevice
    • DeleteDevice
    • GetDeviceDetails
    • GetDeviceCredentials
    • GetDeviceProperties
    • CreateDeviceProperties
    • GetAllAvailableDeviceLabels

EdgeDeviceManager

Description: Oversees the management and operations of IoT Edge devices.

  • Actions :
    • GetAllEdgeDevices
    • CreateEdgeDevice
    • UpdateEdgeDevice
    • DeleteEdgeDevice
    • ExecuteEdgeModuleMethod
    • GetEdgeDeviceCredentials
    • GetEdgeDeviceEnrollmentScriptUrl
    • GetEdgeDeviceLogs
    • GetAllAvailableEdgeDeviceLabels
    • GetEdgeDeviceEnrollmentScript

MetricsViewer

Description: Authorized to view system metrics and performance data.

  • Actions :
    • GetPortalMetrics

RoleManager

Description: Specializes in creating and customizing roles and their associated actions.

  • Actions :
    • GetAllRoles
    • CreateRole
    • UpdateRole
    • DeleteRole
    • GetRoleDetails

GroupManager

Description: Responsible for managing user groups and their members within the system.

  • Actions :
    • GetAllGroups
    • CreateGroup
    • UpdateGroup
    • DeleteGroup
    • GetGroupDetails
    • AddGroupMembers
    • RemoveGroupMembers

AccessControlManagement

Description: Manages access controls and defines permissions for users and groups at different scopes.

  • Actions :
    • GetAccessControls
    • AddAccessControl
    • RemoveAccessControl
    • EditAccessControl

ScopeArchitect

Description: Designs and manages the hierarchical scopes within the application.

  • Actions :
    • GetHierarchicalScopes
    • CreateHierarchicalScope
    • UpdateHierarchicalScope
    • DeleteHierarchicalScope

IdeaContributor

Description: Can submit ideas for improvements or new features within the IoT Hub Portal.

  • Actions :
    • SumitIdea

TagManager

Description: Manages tags for devices, ensuring correct labeling and categorization.

  • Actions :
    • UpdateDeviceTagSettings
    • GetAllDeviceTagSettings
    • CreateOrUpdateDeviceTag
    • DeleteDeviceTagByName
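
An added example, not part of the issue or the project's code: a deny-by-default check that resolves a request to one of the action names listed above and tests it against a role's action set, with literal routes such as `/api/devices/available-labels` matched before parameterised ones such as `/api/devices/{deviceID}`. The route and role entries are a subset copied from the comment above; `DeviceReader`, `resolve_action` and `is_allowed` are hypothetical names introduced here.

```python
import re

# Subset of the action catalogue above: (HTTP method, route template) -> action.
ROUTES = {
    ("GET", "/api/devices"): "GetAllDevices",
    ("GET", "/api/devices/{deviceID}"): "GetDeviceDetails",
    ("DELETE", "/api/devices/{deviceID}"): "DeleteDevice",
    ("GET", "/api/devices/{deviceID}/credentials"): "GetDeviceCredentials",
    ("GET", "/api/devices/available-labels"): "GetAllAvailableDeviceLabels",
    ("GET", "/api/dashboard/metrics"): "GetPortalMetrics",
    ("POST", "/api/ideas"): "SumitIdea",
}

# Role -> granted actions. The first two are copied from the predefined roles;
# "DeviceReader" is a hypothetical custom role used to show a narrower grant.
ROLES = {
    "MetricsViewer": {"GetPortalMetrics"},
    "IdeaContributor": {"SumitIdea"},
    "DeviceReader": {"GetAllDevices", "GetDeviceDetails"},
}

def _compile(template):
    # Each {param} matches exactly one path segment; literal parts are escaped.
    parts = re.split(r"\{[^}]+\}", template)
    return re.compile("[^/]+".join(map(re.escape, parts)))

# Templates with fewer parameters are tried first, so the literal
# /api/devices/available-labels wins over /api/devices/{deviceID}.
_TABLE = sorted(
    ((m, _compile(t), a, t.count("{")) for (m, t), a in ROUTES.items()),
    key=lambda row: row[3],
)

def resolve_action(method, path):
    """Return the catalogue action for a request, or None if unmapped."""
    for m, pattern, action, _ in _TABLE:
        if m == method.upper() and pattern.fullmatch(path):
            return action
    return None

def is_allowed(user_roles, method, path):
    """Deny by default: unmapped routes and unknown roles grant nothing."""
    action = resolve_action(method, path)
    if action is None:
        return False
    granted = set().union(*(ROLES.get(r, set()) for r in user_roles))
    return action in granted
```

Without the literal-first ordering, a request for the label list could resolve to `GetDeviceDetails` and be authorised under the wrong action for a role that holds one but not the other.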

@Metal-Mighty Metal-Mighty changed the title Task: Role Definition Task: RBAC - Role Definition May 24, 2024