
Permission Settings

juschaefer edited this page Feb 21, 2019 · 12 revisions

To protect datasets from being read, manipulated or deleted by unauthorized persons, permission settings can be appended to each dataset. There are separate permissions for each CRUD operation (get, set and/or del). To make authentication easy, multiple login methods can be configured.

Basic Structure

By appending the following basic structure to each dataset that should be protected the permissions are set:

"_": {
    "creator": "astudi2s",
    "realm": "hbrsinfkaul",
    "access": {
        "get": "all",
        "set": "creator",
        "del": "creator"
    }
}

First, groups such as creator are defined. The realm defines the login method that should be used for authentication. The access block defines which group has access to the get, set or del methods. If the currently logged-in user should get access, %user% can be used for this. The group all can be used when access for all users is intended.

Permission for multiple groups

In some cases multiple groups should be added to an operation when setting permissions.

"_": {
    creator: 'john',
    realm: 'guest',
    group: {
        abc: [ 'john', 'jane' ],
        xyz: [ 'foo', 'bar' ]
    },
    access: {
        get: 'abc',
        set: [ 'abc', 'xyz' ],
        del: '%user%'
    }
}

In this example the group abc gets permission to get data. The groups abc and xyz are allowed to set (create or update) datasets. Only the currently logged-in user is allowed to delete the dataset.

Time-Depending Permission

In some cases permissions are only meaningful depending on the current time. For example, permission should only be granted for a period of time. After this time the permission should be refused. The following code example illustrates the way time-dependent permissions are set.

"_": {
    creator: 'john',
    realm: 'guest',
    group: {
        abc: [ 'john', 'jane' ],
        xyz: [ 'foo', 'bar' ]
    },
    access: [
        [ '2018-03-12', 'creator' ],
        [ '2018-03-17', {
            get: 'abc',
            set: [ 'abc', 'xyz' ],
            del: '%user%'
        }],
        [ '2018-03-22', 'all' ]
    ]
}
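
The following is an added example, not code from this wiki or its project: a deny-by-default evaluator for the "_" block covering all three forms shown above. The function names and the `{ name, realm }` user shape are hypothetical. It assumes that each dated entry applies from its date until the next entry's date, that nothing is granted before the first date, and that %user% admits any user logged in through the dataset's realm.

```javascript
// Added example: hypothetical evaluator for the "_" block (not the project's code).

// Does a rule ('all', 'creator', '%user%', a group name, or an array of these)
// admit the user? `user` is { name, realm } or null when nobody is logged in.
function ruleAdmits(rule, perm, user) {
  if (Array.isArray(rule)) return rule.some(r => ruleAdmits(r, perm, user));
  if (rule === 'all') return true;
  // Assumption: every other rule requires a login through the dataset's realm.
  if (!user || user.realm !== perm.realm) return false;
  if (rule === '%user%') return true;
  if (rule === 'creator') return user.name === perm.creator;
  const groups = perm.group || {};
  const members = Object.prototype.hasOwnProperty.call(groups, rule) ? groups[rule] : null;
  return Array.isArray(members) && members.includes(user.name);
}

// Resolve a time-dependent access list to the entry in force on `today`.
// ISO 'YYYY-MM-DD' strings order correctly under plain string comparison.
function activeAccess(access, today) {
  if (!Array.isArray(access)) return access;
  let active = null; // assumption: nothing is granted before the first date
  const sorted = [...access].sort((a, b) => a[0].localeCompare(b[0]));
  for (const [from, value] of sorted) if (from <= today) active = value;
  return active;
}

// Decide one operation ('get', 'set' or 'del'); unknown or missing rules are denied.
function isAllowed(perm, op, user, today) {
  if (!['get', 'set', 'del'].includes(op)) return false;
  const access = activeAccess(perm.access, today);
  if (access == null) return false;
  const perOp = typeof access === 'object' && !Array.isArray(access);
  const rule = perOp ? access[op] : access;
  return rule === undefined ? false : ruleAdmits(rule, perm, user);
}

// Constructed sample: the time-dependent block from this page.
const samplePerm = {
  creator: 'john', realm: 'guest',
  group: { abc: ['john', 'jane'], xyz: ['foo', 'bar'] },
  access: [
    ['2018-03-12', 'creator'],
    ['2018-03-17', { get: 'abc', set: ['abc', 'xyz'], del: '%user%' }],
    ['2018-03-22', 'all']
  ]
};
```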