Authorization architecture
• Implement Field-Level Role management allowing administrators to define View
and Edit permissions for individual data fields based on user roles.
• Incorporate Data Classification (e.g., Secret, Confidential, Internal, Public)
for data fields and corresponding Clearance Levels for roles.
• Implement Data Masking for sensitive fields when a user lacks sufficient
permission or clearance to view the actual data.
UI Enhancements
- Extend the Hierarchy
Tree:
The main tree structure needs
to be extended to include Fields as the lowest level under Entities.
- New Structure: Module
-> Entity -> Field
The existing
"Action" items (like Edit Account, Export Account) representing
feature-level permissions should likely remain, grouped under Module.
- Introduce Field-Level
View/Edit Controls:
New Checkboxes: Add specific
View and Edit checkboxes that only appear next to the Field-level items in the
tree.
- These checkboxes control
the permissions stored in the new RoleField Permission table.
- These could be new
columns aligned similarly to the existing Read/Write, but clearly
designated for fields.
- Existing Read/Write
Controls:
The existing Read and Write
checkboxes should remain for the Module, Feature Group, and Action level items.
- Add Classification
Column:
Introduce a new read-only
column in the tree/list view, aligned with the rows.
- For rows corresponding
to Fields, this column should display the field's ClassificationLevel
(e.g., 'Public', 'Internal', 'Confidential', 'Secret') fetched from the
FieldClassification table.
- Display Role Clearance:
Somewhere near the selected
Role name (e.g., below the dropdown), display the MaxClearanceLevel assigned to
that Role (read-only).
- Implement Checkboxes for
Fields:
Add aggregate View and Edit
checkboxes at the Entity and Module levels within the tree.
This is to reflect and
control the state of all underlying field permissions within that scope.
Clicking them would allow bulk grant/revoke operations for fields
- Add Search/Filtering:
Include a search input field
above the tree to allow administrators to quickly filter the potentially long
list fields by name.
- Update Save/Copy Logic:
The Save button's action now
needs to update potentially both the RolePermission (for feature-level changes)
and RoleFieldPermission (for field-level changes) tables.
The Copy Privileges
functionality needs to be updated to intelligently copy both sets of
permissions if desired.
User Management
Role Clearance Levels: Each role is assigned a maximum sensitivity level it
can access.
For instance, a Lab
Technician role might have clearance = Internal (can see Class 3 and Class 4
data, but not Confidential or Secret), whereas a Lab Manager might have
clearance = Confidential (Class 2) and an Admin clearance = Secret (Class 1).
We will represent this in the
Role table (e.g. a column MaxSensitivity or numeric level). The Authorization
service will interpret this such that:
- A user’s effective
clearance is the highest of any role they possess.
- If a user has multiple
roles, consider whichever role grants higher clearance prevails, since
that user is trusted up to that level.
Server-Side Masking Implementation: When a microservice
determines that a field’s value should not be revealed, instead of dropping it,
it replaces the value with a masked representation:
- Use a constant string or asterisks of matching length.
E.g., Customer Name Peter Lynch might be sent as *********ch (preserving
last 2 digits)
When a microservice is determining whether to show a field,
it now must consider both the user’s explicit field permission and the Users
Clearance level:
- Role-based check: Does the user’s role normally allow
access to this field? (From the field-level permissions discussed above.)
- Classification check: Is the field’s sensitivity <=
the user’s clearance level? If not, the field must be treated as
disallowed, even if the role would otherwise permit it.
No comments:
Post a Comment