Project Portal Documentation

Security

Authentication

Authentication is defined as the verification of the identity of a user as a prerequisite to allowing access to resources in an information system. (adapted from NIST SP 800-53 Rev. 5)

Role-based Access Control

Definition: A model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities. Role-based access control is the predominant mechanism for user authorization in the project portal. The roles are:

role         definition
admin        Access to all /admin routes
editor       Access to all /admin routes except for system administrative functions such as user and role management
client       Access to all /client routes, including the 'client-side' of the portal
unverified   A newly created user that has not yet verified their account
user         Default role for all authenticated and verified users; provides minimal access

The project module UI is divided into two separate interfaces based on the role of the user. Admins and editors have full (read and write) access to most resources, with a few exceptions where only admins have access to specific system resources. Admins and editors also control, at the record level, which project resources (Documents, Measurements, Features, and Agents) are visible to clients. For example, a project consists of five documents: three are set to be visible to clients and two are kept private, accessible only to admins and editors. On the project page, an admin or editor controls client visibility with a series of switches.

To provide a visual aid, the admin/editor interface is dark blue. Clients are granted access to a completely separate set of interfaces, summarized as follows:

Resource   Access         Notes
Project    Landing Page   A presentation of basic metadata about a project, including the primary contacts, project description, and the measurements shared with clients
Project    Enhanced Map   Interactive web map of the project area. The specific set of spatial features and associated metadata is chosen on a project-by-project basis.
Document   Upload New     Clients may upload documents to the portal at any time
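The following is an added illustration of the two checks this section describes, route-level RBAC per the roles table and the per-record client-visibility switch, written for this page and not taken from the portal's code. Role names, the /admin and /client prefixes, and the five-document example come from the text; the list of "system administrative" routes denied to editors, the function names and the sample data are assumptions.

```python
from dataclasses import dataclass, field

# Assumed for this example: the "system administrative functions" that editors
# may not reach. The portal's real list is not given in the text.
SYSTEM_ADMIN_PREFIXES = ("/admin/users", "/admin/roles")


def _under(path: str, prefix: str) -> bool:
    """True when path is prefix itself or lies below it.

    A plain str.startswith("/admin") would also match "/administrator", so the
    check insists on a path-segment boundary.
    """
    return path == prefix or path.startswith(prefix + "/")


def route_allowed(role: str, path: str) -> bool:
    """Route-level RBAC as in the roles table; anything not listed is denied."""
    if role == "admin":
        return _under(path, "/admin")
    if role == "editor":
        return _under(path, "/admin") and not any(
            _under(path, p) for p in SYSTEM_ADMIN_PREFIXES
        )
    if role == "client":
        return _under(path, "/client")
    # "user" and "unverified": no /admin or /client routes (assumed reading of
    # "minimal access").
    return False


@dataclass
class Document:
    id: int
    title: str
    client_visible: bool = False  # the per-record visibility switch


@dataclass
class Project:
    id: int
    documents: list = field(default_factory=list)


def set_client_visible(project: Project, doc_id: int, visible: bool, actor_role: str) -> None:
    """Flip a document's client-visibility switch; only admins and editors may."""
    if actor_role not in ("admin", "editor"):
        raise PermissionError(f"role {actor_role!r} may not change client visibility")
    for doc in project.documents:
        if doc.id == doc_id:
            doc.client_visible = visible
            return
    raise LookupError(f"no document {doc_id} in project {project.id}")


def visible_documents(project: Project, role: str) -> list:
    """Documents a role sees on the project page: admins and editors see all,
    clients see only records switched on, every other role sees nothing."""
    if role in ("admin", "editor"):
        return list(project.documents)
    if role == "client":
        return [d for d in project.documents if d.client_visible]
    return []


# Constructed sample: the five-document project from the text, three shared.
SAMPLE_PROJECT = Project(
    id=1,
    documents=[Document(i, f"doc-{i}") for i in range(1, 6)],
)
for _doc_id in (1, 2, 3):
    set_client_visible(SAMPLE_PROJECT, _doc_id, True, actor_role="editor")
```

The segment-boundary check in `_under` is the detail worth copying: prefix matching on raw strings is a common way for a "/admin" rule to accidentally cover "/administrator" or similar routes added later.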

Group-based Access Control

User groups are used for classes that require object-level access control. At the time of this writing, Projects (clients only) and Documents are the only classes with this type of group-based control. A user group is created for each model object, and users that belong to the object's group are granted read access.

Authorization

Authorization: The granting of rights and, based on these rights, the granting of access.

Access Groups

An Access Group is a group of registered users, together with their access rights (roles), authorized to have access to a resource, which in the case of the Project Portal are Documents and Projects. Each access group is associated with one access policy which grants the same level of access to all users that belong to the access group.

Access Groups can be described as follows:

  1. A User belongs to an Access Group.

  2. An Access Group is assigned an Access Policy

  3. An Access Policy grants access to a Project

  4. The scope of an Access Group is defined by one role, one model, and one policy

Base Relationships

  1. A user may belong to zero or many access groups

  2. An access group may contain zero or many users

  3. An access group is assigned one and only one policy

  4. A model resource has one and only one policy

  5. A policy defines one and only one level of access

Relationships

Source         Cardinality   Target          Relation
User           n..n          Access Group    Member Of
Access Group   1..1          Access Policy   Assigned To
Access Group   n..1          Role            Scoped To
Access Group   n..1          Model           Provides Access To

Components of an Access Group:

  1. Role Scope - The role associated with the access group

  2. Model Scope - The model authorized by the access group

  3. Name - The name of the access group using the convention [Role][Model]AccessGroup (ClientProjectAccessGroup)

  4. Policy - Defines the authorization rules assigned to an access group including the model scope, access mode (create/read/edit/delete)

Using this documentation as a frame of reference: https://cloud-native-toolkit.github.io/dev-guide/toolkit-resources/resource-mgmt/

Extended Relationships

An extended set of relationships that allows a policy to define more than one level (or type) of access.

[Diagram: Authorization. Nodes User, AccessGroup, AccessPolicy and Project, with the edge labels "A member of" and "Grants access to". Simplified form: User belongs to Access Group; Access Group grants access to Project.]
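The access-group structure above (user n..n group, group 1..1 policy, group scoped to one role and one model, the [Role][Model]AccessGroup naming convention, and the extended relationship that lets a policy carry more than one access mode) is easier to reason about as a small authorization model. The following is an added example written for this page, not the portal's own code. Everything beyond the relationships listed in the text is an assumption: in particular, the policy here names the single resource instance it grants access to, which is how the per-object groups of the Group-based Access Control section are represented.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Access(Flag):
    """Access modes a policy may grant (the create/read/edit/delete of the text)."""
    CREATE = auto()
    READ = auto()
    EDIT = auto()
    DELETE = auto()


@dataclass(frozen=True)
class AccessPolicy:
    model: str        # model scope, e.g. "Project" or "Document"
    resource_id: int  # assumed: the one resource instance this policy covers
    modes: Access     # a single mode in the base model, several in the extended one


@dataclass
class AccessGroup:
    role: str                  # role scope
    model: str                 # model scope
    policy: AccessPolicy       # exactly one policy per group (1..1)
    members: set = field(default_factory=set)  # user ids (n..n with User)

    def __post_init__(self) -> None:
        # A group's policy must be scoped to the same model as the group.
        if self.policy.model != self.model:
            raise ValueError("policy model scope does not match access group model scope")

    @property
    def name(self) -> str:
        """The [Role][Model]AccessGroup naming convention from the text."""
        return f"{self.role.capitalize()}{self.model}AccessGroup"


@dataclass(frozen=True)
class User:
    id: int
    role: str


def is_authorized(user: User, groups: list, model: str, resource_id: int, mode: Access) -> bool:
    """Grant only when some group the user belongs to is scoped to the user's
    current role and the requested model, and its policy covers this resource
    and this access mode. Default is deny."""
    for group in groups:
        if user.id not in group.members:
            continue
        if group.role != user.role or group.model != model:
            continue
        if group.policy.resource_id != resource_id:
            continue
        if group.policy.modes & mode:
            return True
    return False


# Constructed sample: clients with read access to project 7, and read+edit on
# document 42 via the extended multi-mode policy.
ALICE = User(id=1, role="client")
BOB = User(id=2, role="client")      # not a member of any group
DAN = User(id=3, role="user")        # member of the project group, but demoted role

GROUPS = [
    AccessGroup("client", "Project", AccessPolicy("Project", 7, Access.READ), members={1, 3}),
    AccessGroup("client", "Document", AccessPolicy("Document", 42, Access.READ | Access.EDIT), members={1}),
]
```

Two consequences of the model are visible in the sample: a user whose role no longer matches the group's role scope (DAN) loses access even though the membership row still exists, and the policy's resource id keeps a group for project 7 from leaking access to project 8.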

Document Security

Access to Documents uploaded to the portal is tightly controlled to protect sensitive information. Documents cannot be shared via a shareable link (persistent URL) as in Google Docs or OneDrive; instead, users must have the proper access via the portal. Documents are downloaded via temporary URLs that the system generates on demand (when the user clicks the download button) and that expire after 5 minutes. Download permissions are inherited from the Business Rules governing access; see Documents and Client Access to Documents under the Business Rules topic. When the download button is clicked, a temporary link is generated and used to download the file automatically. Instead of the file being opened in the browser from the remote server, it is downloaded and then opened locally (most likely from the Downloads folder on Windows 11).
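One way to implement the on-demand, 5-minute download links described above, as an added example for this page and not the portal's implementation: the access rules are checked once, when the button is clicked, and the link that results carries only an expiry and an HMAC over (document, user, expiry), so it cannot be edited to name another document or to extend its lifetime. The signing key, the URL layout, the `may_download` callback standing in for the Business Rules, and the sample rule are all assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed server-side secret; in a deployment it comes from a secret store and
# is never sent to the client.
SIGNING_KEY = b"example-signing-key-change-me"
TTL_SECONDS = 300  # the 5-minute lifetime described in the text


def _signature(document_id: int, user_id: int, expires: int, key: bytes) -> str:
    message = f"{document_id}|{user_id}|{expires}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def issue_download_url(document_id, user_id, may_download, key=SIGNING_KEY, now=None) -> str:
    """Build the temporary link when the download button is clicked.

    may_download(user_id, document_id) is an assumed hook for the portal's
    access rules; it is consulted here, at issue time, and nowhere else.
    """
    if not may_download(user_id, document_id):
        raise PermissionError("user is not permitted to download this document")
    now = int(time.time()) if now is None else now
    expires = now + TTL_SECONDS
    query = urlencode({
        "uid": user_id,
        "exp": expires,
        "sig": _signature(document_id, user_id, expires, key),
    })
    return f"/documents/{document_id}/download?{query}"


def verify_download_url(url: str, key=SIGNING_KEY, now=None):
    """Return (document_id, user_id) for a valid, unexpired link, else None."""
    parts = urlsplit(url)
    segments = parts.path.split("/")
    if len(segments) != 4 or segments[1] != "documents" or segments[3] != "download":
        return None
    params = parse_qs(parts.query)
    try:
        document_id = int(segments[2])
        user_id = int(params["uid"][0])
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return None
    now = int(time.time()) if now is None else now
    if now >= expires:
        return None  # expired: the user must click Download again
    expected = _signature(document_id, user_id, expires, key)
    if not hmac.compare_digest(expected, sig):
        return None  # tampered or forged
    return document_id, user_id


# Constructed sample rule: only user 1 may download document 42.
def sample_rule(user_id: int, document_id: int) -> bool:
    return (user_id, document_id) == (1, 42)
```

Because the user id is part of the signed message, the download handler can compare the returned `user_id` with the logged-in session and refuse a mismatch; that closes the remaining gap in which a link copied to someone else would still work for the few minutes before it expires. Expiry is checked before the MAC only for clarity; both checks must pass regardless of order.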

Last modified: 27 January 2025