The security model for service requests is defined by a combination of resources, actions, and model selectors. Each service method defines the set of resource/action combinations that must be authorized for it to run, and rejects the request if the provided auth token has insufficient permissions. Selectors can be applied to permissions to further restrict access to a subset of the model or data sets.
The resource identifies the system component a permission applies to. Multiple service methods may refer to the same resource type.
The action describes the type of access granted to the resource. Actions generally follow the CRUD model: create, read, update, delete. Service requests may require more than one action to be authorized (e.g. both create and update for a RESTful 'put' where the object may or may not already exist).
A selector optionally restricts access to a subset of the resource. Selectors are composed of a 'style' and a set of arguments. The following are the supported styles:

- `*`: Selects all entities. Equivalent to not having specified an EntitySelector. No arguments are required.
- `self`: Selects only the agent associated with the auth token. An example would be to provide rename and password change privileges for a user. No arguments are required.
- `type`: Selects entities that have at least one of the specified types. Arguments are the relevant type list. Must provide at least one argument.
- `parent`: Selects entities by hierarchical relationship. Arguments are a list of entity names that form the parent set. All entities that are children (immediate or derived) of one of the parents through an `owns` relationship will be selected. Must provide at least one argument.

The resources and the actions that apply to each are listed below.

Resource | Actions | Description |
---|---|---|
entity | read, create, update, delete | Model entities that are not points/commands/endpoints. |
entity_edge | read, create, delete | Edges/relationships in the model. |
point | read, create, update, delete | Point model objects. |
command | read, create, update, delete | Command model objects. |
endpoint | read, create, update, delete | Endpoint model objects. Update includes the ability to enable/disable. |
entity_key_value | read, create, update, delete | Key-values associated with model entities. Read includes ability to read keys and value contents. |
user_command_request | create | Issuing a command request. |
command_lock | read, delete | For reading and deleting command selects and blocks. |
command_lock_select | create | For selecting commands to be issued. |
command_lock_block | create | For blocking commands from being selected or issued. |
measurement | read | Measurement values. |
event | read, create | Events, reading or posting event templates. |
alarm | read, update | Reading alarms, or updating their state (e.g. acknowledging, removing). |
event_config | read, create, update, delete | Configuration that defines properties for event types. |
frontEndRegistration | update | Used by protocol front-ends to register as the source for endpoints. |
frontEndConnectionStatus | read | The communication status of front-end connections. |
meas_override | read, create, update, delete | Measurement overrides: NIS (not in service) and replace. |
agent | read, create, update, delete | Agent, including permission set associations. Password is not viewable. |
agent_password | update | Changing the agent password only. |
agent_permissions | read, create, update, delete | Permission sets that can then be associated with agents. |
Agents are authorized to use services by the permission sets they have been assigned. A permission set contains a set of permissions that allow or deny access to combinations of resources and actions, each with an optional selector.
Resources and actions can be identified by name, or the '*' character can be used to specify all resources or all actions.
All access is denied by default. If allows and denies overlap, access is denied: a matching deny always wins over a matching allow.
Type | Resources | Actions | Selector |
---|---|---|---|
ALLOW | * | read | |
This set grants read access to every resource. Create, update, and delete on all resources are not granted and therefore remain denied by default.
Type | Resources | Actions | Selector |
---|---|---|---|
ALLOW | agent_password | update | self |
ALLOW | agent, agent_permissions | read | self |
These permissions allow a user to update their own password and to view their own agent description and permission sets. Note that they do not allow updating the agent resource itself (e.g. assigning new permission sets) or updating the permission sets themselves.
Type | Resources | Actions | Selector |
---|---|---|---|
ALLOW | command_lock_select, user_command_request | create | |
ALLOW | command_lock | read | |
These permissions allow an agent to select commands and issue command requests, and to see existing selects and blocks. They do not allow blocking commands (no `command_lock_block` create) or deleting existing locks (no `command_lock` delete).
Type | Resources | Actions | Selector |
---|---|---|---|
ALLOW | frontEndRegistration | update | |
ALLOW | event | create | |
ALLOW | entity, entity_edge, point, command, endpoint, entity_key_value | read | |
These permissions let a protocol front-end register as the source for its endpoints, post events, and read the model objects it serves, without being able to modify the model.
Type | Resources | Actions | Selector |
---|---|---|---|
ALLOW | * | read | parent("WesternRegion") |
This demonstrates the 'parent' selector type, used to restrict access to part of the model hierarchy. Agents granted this permission set will only be able to read the part of the model under the "WesternRegion" entity; any entity that is not an immediate or derived child of "WesternRegion" through an `owns` relationship falls outside the selector and is denied by default.
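The following is an added example, not the project's own code, that models the rules described above (the four selector styles, ALLOW/DENY permission sets, deny-by-default, deny-wins-on-overlap, and methods that require more than one action). The entity hierarchy, agent names and the extra DENY set are constructed for the demonstration; the permission sets at the end are the ones from the tables on this page expressed in this model.

```python
"""Added example (not the project's own code): a small model of the permission
evaluation rules described on this page. The MODEL hierarchy, the agent names
and READ_BUT_NOT_AGENTS are constructed for the demonstration."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

SELECTOR_STYLES = ("*", "self", "type", "parent")


@dataclass(frozen=True)
class Selector:
    style: str                   # one of SELECTOR_STYLES
    args: Tuple[str, ...] = ()   # type list, or parent entity names

    def __post_init__(self) -> None:
        if self.style not in SELECTOR_STYLES:
            raise ValueError(f"unknown selector style {self.style!r}")
        if self.style in ("type", "parent") and not self.args:
            raise ValueError(f"{self.style} selector needs at least one argument")


@dataclass(frozen=True)
class Permission:
    allow: bool                  # True = ALLOW row, False = DENY row
    resources: frozenset         # resource names, or frozenset({"*"})
    actions: frozenset           # action names, or frozenset({"*"})
    selector: Selector = Selector("*")


@dataclass
class Entity:
    name: str
    types: Set[str]
    owner: Optional[str] = None  # entity that 'owns' this one, if any


# Constructed sample model: two regions, each owning a substation.
MODEL: Dict[str, Entity] = {
    e.name: e for e in (
        Entity("WesternRegion", {"Region"}),
        Entity("EasternRegion", {"Region"}),
        Entity("SubA", {"Substation"}, owner="WesternRegion"),
        Entity("SubB", {"Substation"}, owner="EasternRegion"),
        Entity("BreakerA1", {"Equipment", "Breaker"}, owner="SubA"),
    )
}


def ancestors(name: str) -> Iterable[str]:
    """Yield the owners of an entity, nearest first, following owns edges."""
    seen: Set[str] = set()
    cur = MODEL.get(name)
    while cur is not None and cur.owner is not None and cur.owner not in seen:
        seen.add(cur.owner)
        yield cur.owner
        cur = MODEL.get(cur.owner)


def selector_matches(sel: Selector, agent: str, target: Optional[str]) -> bool:
    """Does the selector admit the target of the request for this agent?"""
    if sel.style == "*":
        return True
    if target is None:            # a restricted selector needs something to select
        return False
    if sel.style == "self":
        return target == agent
    if sel.style == "type":
        ent = MODEL.get(target)
        return ent is not None and bool(ent.types & set(sel.args))
    # parent: target must be an immediate or derived child of a listed entity
    return any(a in sel.args for a in ancestors(target))


def permission_covers(p: Permission, resource: str, action: str) -> bool:
    """'*' in either column matches every resource or every action."""
    return ("*" in p.resources or resource in p.resources) and \
           ("*" in p.actions or action in p.actions)


def authorize(perms: List[Permission], agent: str,
              required: Iterable[Tuple[str, str]],
              target: Optional[str] = None) -> bool:
    """Every (resource, action) the method requires must be allowed.

    Access is denied by default, and a matching DENY overrides any ALLOW."""
    for resource, action in required:
        allowed = False
        for p in perms:
            if not permission_covers(p, resource, action):
                continue
            if not selector_matches(p.selector, agent, target):
                continue
            if not p.allow:
                return False      # allow and deny overlap: deny wins
            allowed = True
        if not allowed:
            return False          # nothing granted it: default deny
    return True


# The page's example permission sets, expressed in this model.
READ_ALL = [Permission(True, frozenset({"*"}), frozenset({"read"}))]
SELF_SERVICE = [
    Permission(True, frozenset({"agent_password"}), frozenset({"update"}), Selector("self")),
    Permission(True, frozenset({"agent", "agent_permissions"}), frozenset({"read"}), Selector("self")),
]
WESTERN_READ = [Permission(True, frozenset({"*"}), frozenset({"read"}),
                           Selector("parent", ("WesternRegion",)))]
# Constructed: a broad allow overlapping with a narrower deny.
READ_BUT_NOT_AGENTS = READ_ALL + [Permission(False, frozenset({"agent"}), frozenset({"read"}))]


if __name__ == "__main__":
    # A RESTful put needs both create and update; the read-only set has neither.
    print(authorize(READ_ALL, "alice", [("point", "create"), ("point", "update")]))  # False
    print(authorize(SELF_SERVICE, "alice", [("agent_password", "update")], "alice"))  # True
    print(authorize(SELF_SERVICE, "alice", [("agent_password", "update")], "bob"))    # False
    print(authorize(WESTERN_READ, "ops", [("point", "read")], "BreakerA1"))          # True
    print(authorize(WESTERN_READ, "ops", [("point", "read")], "SubB"))               # False
    print(authorize(READ_BUT_NOT_AGENTS, "ops", [("agent", "read")], "bob"))         # False
```

The `self` check compares the request target with the agent named in the token, so the same permission row serves every user without naming any of them; the `parent` check walks `owns` edges upward so that derived children (BreakerA1 under SubA under WesternRegion) are selected, not just immediate ones.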