add users to customer+package role diagrams

Michael Hoennig 2022-07-26 13:18:36 +02:00
parent 46c5f5e53e
commit 190d39400a

@ -419,6 +419,9 @@ hide circle
' use right-angled line routing ' use right-angled line routing
' skinparam linetype ortho ' skinparam linetype ortho
' needs PlantUML 1.2021.14 as Markdown plugin
allow_mixing
entity "BObj customer#xyz" as boCustXyz entity "BObj customer#xyz" as boCustXyz
together { together {
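Review bot: the new comment `' needs PlantUML 1.2021.14 as Markdown plugin` above `allow_mixing` does not say whether 1.2021.14 is a minimum or an exact version, and it sits only inside the diagram source, where a reader whose renderer fails on `allow_mixing` is unlikely to look. If it is a minimum, word it as such, and consider stating the requirement once in the surrounding prose instead of repeating it as a comment in each diagram.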
@ -443,9 +446,16 @@ entity "Role customer#xyz.owner" as roleCustXyzOwner
roleCustXyzOwner ..> roleCustXyzAdmin roleCustXyzOwner ..> roleCustXyzAdmin
roleCustXyzOwner --> permCustomerXyzAll roleCustXyzOwner --> permCustomerXyzAll
actor "Customer XYZ Admin" as actorCustXyzAdmin
actorCustXyzAdmin --> roleCustXyzAdmin
entity "Role administrators" as roleAdmins entity "Role administrators" as roleAdmins
roleAdmins --> roleCustXyzOwner roleAdmins --> roleCustXyzOwner
actor "Any Hostmaster" as actorHostmaster
actorHostmaster --> roleAdmins
@enduml @enduml
``` ```
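Review bot: the added actor edges `actorCustXyzAdmin --> roleCustXyzAdmin` and `actorHostmaster --> roleAdmins` use the same solid arrow as the role-to-permission edge `roleCustXyzOwner --> permCustomerXyzAll`, so a user-to-role assignment cannot be told apart from a grant between roles or from a role to a permission. The diagram already uses `..>` for one role-to-role edge, so arrow style carries meaning here; give user assignments their own arrow style or label, or add a short legend explaining each edge type.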
@ -460,7 +470,7 @@ Grants which are not followed are still valid grants for `hsadminng.assumedRoles
Thus, if you want to access anything below a customer, assume its role first. Thus, if you want to access anything below a customer, assume its role first.
There is actually another speciality in the customer roles: There is actually another speciality in the customer roles:
For all others, a user defined by the customer gets the owner role assigned, just for the customer, the owners role is assigned to the 'administrators'. For all others, a user defined by the customer gets the owner role assigned, just for the customer, the owner's role is assigned to the 'administrators' role.
### Package Roles ### Package Roles
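Review bot: the corrected sentence still names the same role two ways ("the owner role" and "the owner's role") and joins its two halves with a comma, so "just for the customer" can be read with either half. Suggest splitting it and using one term, for example: "For all others, a user defined by the customer gets the owner role assigned. Only for the customer itself is the owner role assigned to the 'administrators' role."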
@ -478,19 +488,22 @@ hide circle
' use right-angled line routing ' use right-angled line routing
' skinparam linetype ortho ' skinparam linetype ortho
entity "BObj pacage#xyz00" as boPacXyz00 ' needs PlantUML 1.2021.14 as Markdown plugin
allow_mixing
entity "BObj package#xyz00" as boPacXyz00
together { together {
entity "Perm pacage#xyz00 *" as permPackageXyzAll entity "Perm package#xyz00 *" as permPackageXyzAll
permPackageXyzAll --> boPacXyz00 permPackageXyzAll --> boPacXyz00
entity "Perm pacage#xyz00 add-unixuser" as permPacXyz00AddUser entity "Perm package#xyz00 add-unixuser" as permPacXyz00AddUser
permPacXyz00AddUser --> boPacXyz00 permPacXyz00AddUser --> boPacXyz00
entity "Perm pacage#xyz00 edit" as permPacXyz00Edit entity "Perm package#xyz00 edit" as permPacXyz00Edit
permPacXyz00Edit --> boPacXyz00 permPacXyz00Edit --> boPacXyz00
entity "Perm pacage#xyz00 view" as permPacXyz00View entity "Perm package#xyz00 view" as permPacXyz00View
permPacXyz00View --> boPacXyz00 permPacXyz00View --> boPacXyz00
} }
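Review bot: the labels in this `together` block are now spelled "package", but the aliases beside them remain inconsistent: `permPackageXyzAll` versus `permPacXyz00AddUser`, `permPacXyz00Edit` and `permPacXyz00View`. Since these lines are touched anyway, consider renaming the first to `permPacXyz00All` (and updating wherever it is referenced) so the alias names the same object `package#xyz00` as its label.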
@ -501,9 +514,9 @@ package {
} }
package { package {
entity "Role pacage#xyz00.owner" as rolePacXyz00Owner entity "Role package#xyz00.owner" as rolePacXyz00Owner
entity "Role pacage#xyz00.admin" as rolePacXyz00Admin entity "Role package#xyz00.admin" as rolePacXyz00Admin
entity "Role pacage#xyz00.tenant" as rolePacXyz00Tenant entity "Role package#xyz00.tenant" as rolePacXyz00Tenant
} }
rolePacXyz00Tenant --> permPacXyz00View rolePacXyz00Tenant --> permPacXyz00View
@ -521,13 +534,22 @@ rolePacXyz00Admin --> rolePacXyz00Tenant
rolePacXyz00Admin --> permPacXyz00AddUser rolePacXyz00Admin --> permPacXyz00AddUser
rolePacXyz00Admin --> permPacXyz00Edit rolePacXyz00Admin --> permPacXyz00Edit
actor "Package XYZ00 Admin" as actorPacXyzAdmin
actorPacXyzAdmin -l-> rolePacXyz00Admin
actor "Customer XYZ Admin" as actorCustXyzAdmin
actorCustXyzAdmin --> roleCustXyzAdmin
entity "Role administrators" as roleAdmins entity "Role administrators" as roleAdmins
roleAdmins --> roleCustXyzOwner roleAdmins --> roleCustXyzOwner
actor "Any Hostmaster" as actorHostmaster
actorHostmaster --> roleAdmins
@enduml @enduml
``` ```
Initially, the customer's admin role gets the package owner role granted. Initially, the customer's admin role is assigned to the package owner role.
They can use the package's admin role to hand over most management functionality to a third party. They can use the package's admin role to hand over most management functionality to a third party.
The 'administrators' can get access through an assumed customer's admin role or directly by assuming the package's owner or admin role. The 'administrators' can get access through an assumed customer's admin role or directly by assuming the package's owner or admin role.
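Review bot: the reworded sentence "the customer's admin role is assigned to the package owner role" reverses the direction of the sentence it replaces ("the customer's admin role gets the package owner role granted"), and it uses "is assigned to" the opposite way from the customer section, where "the owner's role is assigned to the 'administrators' role" reads as the administrators receiving the owner role. If the meaning is unchanged, suggest "the package owner role is assigned to the customer's admin role". As a smaller point, the new alias `actorPacXyzAdmin` drops the `00` that `rolePacXyz00Admin` carries.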