
Role Based Access Control in oxTrust

gasmyr edited this page Jan 29, 2019 · 1 revision

Introduction

We have received a request from customers for granular role and permission management in the Gluu Server (mainly the oxTrust Admin component).

Description

The following capabilities are requested for the oxTrust Admin UI:

  • Ability to define roles and permissions
  • Ability to assign a set of permissions to a given role
  • Ability to assign one or more roles to a given user
  • Ability to delete roles and permissions
  • Ability for a role to inherit the permissions of its parent.

Solution

Implement Role Based Access Control to cover all the features listed above.

Concepts

  • Resource: A resource/service is something within the applications that a given user may need access to.

  • Role: A role contains privileges defined by a set of actions that can be performed by a group of users in an organization. For example: Manager, Auditor. A role has a name and a description.

  • Permission: An approval of a mode of access to a resource. Example: **VIEW, DELETE, UPDATE**
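
The three concepts above, combined with the requested parent-role inheritance, as an added Java sketch (not oxTrust code; it assumes Java 16+ for records, and every class, method, role and user name is hypothetical). A user is permitted only when one of the assigned roles, or an ancestor of that role, holds the permission; a deleted parent or a parent cycle grants nothing extra.

```java
import java.util.*;
// Added sketch: every class, method and sample name below is hypothetical, not oxTrust code.
public class RbacSketch {
    record Permission(String resource, String action) {}  // a mode of access to a resource
    record Role(String name, String description, String parent, Set<Permission> permissions) {}

    private final Map<String, Role> roles = new HashMap<>();
    private final Map<String, Set<String>> userRoles = new HashMap<>();

    void defineRole(String name, String description, String parent, Permission... perms) {
        roles.put(name, new Role(name, description, parent, Set.copyOf(Arrays.asList(perms))));
    }
    void deleteRole(String name) { roles.remove(name); }
    void assignRole(String user, String role) {
        userRoles.computeIfAbsent(user, u -> new HashSet<>()).add(role);
    }

    // A role's own permissions plus those inherited along its parent chain.
    Set<Permission> effectivePermissions(String roleName) {
        Set<Permission> result = new HashSet<>();
        Set<String> visited = new HashSet<>();
        String current = roleName;
        while (current != null && visited.add(current)) {   // stop on a parent cycle
            Role role = roles.get(current);
            if (role == null) break;                        // deleted role grants nothing
            result.addAll(role.permissions());
            current = role.parent();
        }
        return result;
    }

    // Deny by default: allowed only if one of the user's roles grants the permission.
    boolean isPermitted(String user, String resource, String action) {
        Permission wanted = new Permission(resource, action);
        return userRoles.getOrDefault(user, Set.of()).stream()
                .anyMatch(r -> effectivePermissions(r).contains(wanted));
    }

    public static void main(String[] args) {              // constructed sample data
        RbacSketch rbac = new RbacSketch();
        rbac.defineRole("Auditor", "Read-only access", null, new Permission("person", "VIEW"));
        rbac.defineRole("Manager", "Manages entries", "Auditor", new Permission("person", "UPDATE"));
        rbac.assignRole("alice", "Manager");
        System.out.println("inherited VIEW: " + rbac.isPermitted("alice", "person", "VIEW"));
        System.out.println("ungranted DELETE: " + rbac.isPermitted("alice", "person", "DELETE"));
        rbac.deleteRole("Auditor");                        // parent removed, child keeps the reference
        System.out.println("VIEW after parent deleted: " + rbac.isPermitted("alice", "person", "VIEW"));
    }
}
```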

Plan to implement

  • Create default permissions in LDAP
  • Create default roles in LDAP
  • Assign default admin role to default admin
  • Build the UI to manage permissions (add, delete, change, list)
  • Build the UI to manage roles (add, delete, change, list, assign)
  • Change the existing permissionService and Identity class accordingly.