RBAC: Role Based Access Control
The Service Layer authorization model is based on role-based access control (RBAC). Roles and policies are defined for each service, and they determine the access privileges a user or a group of users has in the system. RBAC is made up of four elements:
- Roles - Bring Users, Groups, Policies together. Roles define what users can do with a resource.
- Users - Principal that is requesting access to a resource.
- Policies - List of rules that define access to a resource.
- Resources - Things that the user needs to be granted access to.
Role Definition for Service Layer
The roles defined for Service Layer are per service rather than per resource: each service defines the roles required to access that particular service. For instance, a Policy Service will define roles that will be used by Segments and Roles within that policy. The roles are not defined by resources or entities, since segments and policy roles cannot be accessed outside the context of a policy.
| Role Name | Role Description | Role Privilege | Role Association |
| SL_ADMIN | Service Layer Administrator | Permit All | All Services |
| POLICY_READ | Policy Read Access | GET | Policy |
| POLICY_CREATE | Policy Write Access For Create | POST | Policy |
| POLICY_UPDATE | Policy Write Access For Update | PUT | Policy |
| POLICY_DELETE | Policy Delete Access | DELETE | Policy |
| CLIENT_READ | Client Read Access | GET | Client |
| CLIENT_CREATE | Client Write Access For Create | POST | Client |
| CLIENT_UPDATE | Client Write Access For Update | PUT | Client |
| CLIENT_DELETE | Client Delete Access | DELETE | Client |
| CASE_READ | Case Read Access | GET | Case |
| CASE_CREATE | Case Write Access For Create | POST | Case |
| CASE_UPDATE | Case Write Access For Update | PUT | Case |
| CASE_DELETE | Case Delete Access | DELETE | Case |
| GROUPCUSTOMER_READ | Customer Read Access | GET | Customer |
| GROUPCUSTOMER_CREATE | Customer Write Access For Create | POST | Customer |
| GROUPCUSTOMER_UPDATE | Customer Write Access For Update | PUT | Customer |
| GROUPCUSTOMER_DELETE | Customer Delete Access | DELETE | Customer |
| CLIENTRELATIONSHIP_READ | Client Relationship | GET | Client Relationship |
| CLIENTRELATIONSHIP_CREATE | Client Relationship Write Access For Create | POST | Client Relationship |
| CLIENTRELATIONSHIP_UPDATE | Client Relationship Write Access For Update | PUT | Client Relationship |
| CLIENTRELATIONSHIP_DELETE | Client Relationship Delete Access | DELETE | Client Relationship |
| QUERY_READ | Query Read Access | GET | Query |
| QUERY_CREATE, QUERY_UPDATE | Query Write Access | POST | Query |
| QUERY_DELETE | Query Delete Access | DELETE | Query |
| COMPANY_READ | Company Read Access | GET | Company |
| PRODUCT_READ | Product Read Access | GET | Product |
| PLAN_READ | Plan Read Access | GET | Plan |
| SEGMENT_READ | Segment Read Access | GET | Segment |
| SEGMENT_CREATE | Segment Write Access For Create | POST | Segment |
| SEGMENT_UPDATE | Segment Write Access For Update | PUT | Segment |
| SEGMENT_DELETE | Segment Delete Access | DELETE | Segment |
| ROLE_READ | Role Read Access | GET | Role |
| ROLE_CREATE | Role Write Access For Create | POST | Role |
| ROLE_UPDATE | Role Write Access For Update | PUT | Role |
| ROLE_DELETE | Role Delete Access | DELETE | Role |
| SEGMENTROLE_READ | Segment Role Read Access | GET | Segment Role |
| SEGMENTROLE_CREATE | Segment Role Write Access For Create | POST | Segment Role |
| SEGMENTROLE_UPDATE | Segment Role Write Access For Update | PUT | SegmentRole |
| SEGMENTROLE_DELETE | Segment Role Delete Access | DELETE | Segment Role |
| REQUIREMENT_READ | Requirement Read Access | GET | Requirement |
| REQUIREMENT_CREATE | Requirement Write Access For Create | POST | Requirement |
| REQUIREMENT_UPDATE | Requirement Write Access For Update | PUT | Requirement |
| REQUIREMENT_DELETE | Requirement Delete Access | DELETE | Requirement |
| IMPAIRMENT_READ | Impairment Read Access | GET | Impairment |
| ADDRESS_READ | Address Read Access | GET | Address |
| ADDRESS_CREATE | Address Write Access For Create | POST | Address |
| ADDRESS_UPDATE | Address Write Access For Update | PUT | Address |
| ADDRESS_DELETE | Address Delete Access | DELETE | Address |
| PHONE_READ | Phone Read Access | GET | Phone |
| PHONE_CREATE | Phone Write Access For Create | POST | Phone |
| PHONE_UPDATE | Phone Write Access For Update | PUT | Phone |
| PHONE_DELETE | Phone Delete Access | DELETE | Phone |
| DOMAINS_READ | Allowed Domains Read access | GET | DOMAINS_READ |
| DOMAINS_CREATE | Allowed Domains Access For Create | POST | DOMAINS_CREATE |
| DOMAINS_UPDATE | Allowed Domains Access For Update | PUT | DOMAINS_UPDATE |
| DOMAINS_DELETE | Allowed Domains Delete Access | DELETE | DOMAINS_DELETE |
| REQUIREMENTRESULT_READ | RequirementResult Read Access | GET | RequirementResult |
| REQUIREMENTRESULT_CREATE | RequirementResult Write Access For Create | POST | RequirementResult |
| REQUIREMENTRESULT_UPDATE | RequirementResult Write Access For Update | PUT | RequirementResult |
| REQUIREMENTRESULT_PATCH | RequirementResult Patch Access | PATCH | RequirementResult |
| SUSPENSE_READ | Suspense Read Access | GET | Suspense |
| SUSPENSE_CREATE | Suspense Write Access For Create | POST | Suspense |
| SUSPENSE_UPDATE | Suspense Write Access For Update | PUT | Suspense |
| SUSPENSE_PATCH | Suspense Patch Access | PATCH | Suspense |
| WITHHOLDING_READ | Policy Withholding Read Access | GET | Policy Withholding |
| WITHHOLDING_CREATE | Policy Withholding Write Access For Create | POST | Policy Withholding |
| WITHHOLDING_UPDATE | Policy Withholding Write Access For Update | PUT | Policy Withholding |
| WITHHOLDING_PATCH | Policy Withholding Write Access For Patch | PATCH | Policy Withholding |
| WORKFLOWTASK_READ | WorkflowTask Read Access | GET | WorkflowTask |
| WORKFLOWTASK_CREATE | WorkflowTask Write Access For Create | POST | WorkflowTask |
| WORKFLOWTASK_UPDATE | WorkflowTask Write Access For Update | PUT | WorkflowTask |
| WORKFLOWTASK_PATCH | WorkflowTask Write Access For Patch | PATCH | WorkflowTask |
| RATEGROUP_READ | Rate Group Read Access | GET | Rate Group |
| RATEGROUP_CREATE | Rate Group Write Access For Create | POST | Rate Group |
| RATEGROUP_UPDATE | Rate Group Write Access For Update | PUT | Rate Group |
| RATEGROUP_PATCH | Rate Group Write Access For Patch | PATCH | Rate Group |
| RATE_READ | Rate Read Access | GET | Rate |
| RATE_CREATE | Rate Write Access For Create | POST | Rate |
| RATE_UPDATE | Rate Write Access For Update | PUT | Rate |
| RATE_PATCH | Rate Write Access For Patch | PATCH | Rate |
| RATE_DELETE | Rate Delete Access | DELETE | Rate |
| RATEGROUPRELATIONSHIP_READ | Rate Group Relationship Read Access | GET | Rate Group Relationship |
| RATEGROUPRELATIONSHIP_CREATE | Rate Group Relationship Write Access For Create | POST | Rate Group Relationship |
| RATEGROUPRELATIONSHIP_UPDATE | Rate Group Relationship Write Access For Update | PUT | Rate Group Relationship |
| RATEGROUPRELATIONSHIP_PATCH | Rate Group Relationship Write Access For Patch | PATCH | Rate Group Relationship |
| RATEGROUPRELATIONSHIP_DELETE | Rate Group Relationship Delete Access | DELETE | Rate Group Relationship |
| POLICY_PATCH | Policy Patch Access | PATCH | Policy |
| SEGMENT_PATCH | Segment Patch Access | PATCH | Segment |
| ROLE_PATCH | Role Patch Access | PATCH | Role |
| SEGMENTROLE_PATCH | SegmentRole Patch Access | PATCH | SegmentRole |
| REQUIREMENT_PATCH | Requirement Patch Access | PATCH | Requirement |
| CLIENT_PATCH | Client Patch Access | PATCH | Client |
| ADDRESS_PATCH | Address Patch Access | PATCH | Address |
| PHONE_PATCH | Phone Patch Access | PATCH | Phone |
| CASE_PATCH | Case Patch Access | PATCH | Case |
| GROUPCUSTOMER_PATCH | GroupCustomer Patch Access | PATCH | GroupCustomer |
| USER_PATCH | User Patch Access | PATCH | User |
| SECURITYGROUP_PATCH | SecurityGroup Patch Access | PATCH | SecurityGroup |
| DOMAINS_PATCH | Domain Patch Access | PATCH | Domain |
| OUTBOUNDAPPLICATION_PATCH | JMSOutboundApplication Patch Access | PATCH | JMSOutboundApplication |
| OUTBOUNDAPPLICATION_PATCH | SoapOutboundApplication Patch Access | PATCH | SoapOutboundApplication |
| OUTBOUNDAPPLICATION_PATCH | RestOutboundApplication Patch Access | PATCH | RestOutboundApplication |
| OUTBOUNDSECURITY_PATCH | JmsSecurity Patch Access | PATCH | JmsSecurity |
| OUTBOUNDSECURITY_PATCH | SoapSecurity Patch Access | PATCH | SoapSecurity |
| OUTBOUNDSECURITY_PATCH | RestSecurity Patch Access | PATCH | RestSecurity |
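As an added illustration (not Service Layer code), the sketch below turns a few rows copied from the table above into a deny-by-default check: a request is allowed only when the caller holds a role that the table lists for that HTTP method and resource, or a "Permit All" role. The function names `load_rules` and `is_permitted` are hypothetical; it assumes that a cell listing two roles (the QUERY row) means either role suffices, and it compares the Role Association ignoring spaces and case, because the table writes both "Segment Role" and "SegmentRole".

```python
# Added example: deny-by-default role check built from rows of the table above.
ROLE_TABLE = """\
| SL_ADMIN | Service Layer Administrator | Permit All | All Services |
| POLICY_READ | Policy Read Access | GET | Policy |
| POLICY_CREATE | Policy Write Access For Create | POST | Policy |
| POLICY_UPDATE | Policy Write Access For Update | PUT | Policy |
| POLICY_DELETE | Policy Delete Access | DELETE | Policy |
| POLICY_PATCH | Policy Patch Access | PATCH | Policy |
| QUERY_READ | Query Read Access | GET | Query |
| QUERY_CREATE, QUERY_UPDATE | Query Write Access | POST | Query |
| COMPANY_READ | Company Read Access | GET | Company |
| SUSPENSE_READ | Suspense Read Access | GET | Suspense |
| SUSPENSE_PATCH | Suspense Patch Access | PATCH | Suspense |
"""

def load_rules(table):
    """Parse pipe rows into ({(METHOD, resource): {roles}}, {permit-all roles})."""
    rules, permit_all = {}, set()
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            raise ValueError(f"malformed row: {line!r}")
        names, _desc, privilege, association = cells
        roles = {n.strip() for n in names.split(",")}  # assumption: either role suffices
        if privilege == "Permit All":
            permit_all |= roles
        else:
            key = (privilege.upper(), association.replace(" ", "").lower())
            rules.setdefault(key, set()).update(roles)
    return rules, permit_all

RULES, PERMIT_ALL = load_rules(ROLE_TABLE)

def is_permitted(user_roles, method, resource):
    """Allow only if the user holds a role listed for this method and resource."""
    user_roles = set(user_roles)
    if user_roles & PERMIT_ALL:
        return True
    key = (method.upper(), resource.replace(" ", "").lower())
    return bool(user_roles & RULES.get(key, set()))  # no matching row -> deny
```

Because the lookup is keyed on rows that actually exist, a DELETE on Suspense or a POST on Company is refused for every role except SL_ADMIN: the table defines no such row, and nothing is inferred from the role naming pattern.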