acl.adoc 5.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152
  1. [#acls]
  2. = Access Control Lists
  3. OliveTin uses Access Control Lists (ACLs) to implement it's security model, which allows you to have fine-grained control over indivividual actions or groups of actions. This can be used to implement role based access control (RBAC), or other security models that you may need.
  4. ACLs are built up of the following set of rules;
  5. * `name` - The name of the ACL. This is used to identify the ACL in the configuration file.
  6. * `matchUsergroups` - A list of usergroups that this ACL applies to. This is used to match users that are in the specified usergroup.
  7. * `matchUserNames` - A list of usernames that this ACL applies to. This is used to match users that are in the specified usergroup.
  8. * `permissions` - A set of permissions which are used with **actions**. eg: `view`, `exec`, `logs`, etc.
  9. ** `addToEveryAction` - A boolean value that indicates if this ACL should be added to every action. This is useful if you want to apply the same ACL to all actions, without having to manually add it to each action.
  10. * `policy` - A policy is a set of rules that affect the **whole of OliveTin**.
  11. == ACLs and Policies (global)
  12. [mermaid, "sample", png]
  13. ....
  14. graph TD
  15. A[ACL] --> B[Policy]
  16. A -->|User/UserGroup| C[User/UserGroup]
  17. ....
  18. **Policies** are a set of rules that apply to the whole of OliveTin ("global"), and not just to individual actions (like permissions are).
  19. The **defaultPolicy** is special, in that all values are set to true by default. This means that if you do not set a `defaultPolicy`, then all policies will be set to `true` by default. This is effectively what the `defaultPolicy` is set to;
  20. [source,yaml]
  21. ----
  22. defaultPolicy:
  23. showDiagnostics: true
  24. showLogList: true
  25. ----
  26. You can override defaults using an ACL, like this;
  27. [source,yaml]
  28. ----
  29. accessControlLists:
  30. - name: admins
  31. matchUsergroups:
  32. - admins
  33. policy:
  34. showDiagnostics: true
  35. showLogList: true
  36. defaultPolicy:
  37. showDiagnostics: false
  38. showLogList: false
  39. ----
  40. == ACLs and Permissions (for Actions)
  41. [mermaid, "sample", png]
  42. ....
  43. graph TD
  44. A[Action] -->|ACL| B[ACL]
  45. B -->|User/UserGroup| C[User/UserGroup]
  46. B -->|Permissions| D[Permissions]
  47. ....
  48. An action always starts with `defaultPermissions` (see below), and then then have one or more ACLs applied to it. This means that you can for example have an action that is only available to a certain group of users, or only to a single user.
  49. Let's say you have a user `james` and a usergroup `admins`. You can then create an ACL that only allows `james` and users in the `admins` group to view and execute an action.
  50. You can specify default permissions for all actions by changing the `defaultPermissions` like this;
  51. [source,yaml]
  52. .`config.yaml`
  53. ----
  54. defaultPermissions:
  55. view: false
  56. exec: false
  57. logs: true
  58. ----
  59. In the example above, all users will start off with the permissions to only see action logs - but will not be able to view or execute actions.
  60. It is then possible to add an "admins" ACL on top of every action. In the example below, we define one extra ACL called "admins", which matches any users with the usergroup also called "admins". This ACL will then be applied to all actions, and will allow users in the "admins" usergroup to view and execute the action.
  61. [source,yaml]
  62. .`config.yaml`
  63. ----
  64. defaultPermissions:
  65. view: false
  66. exec: false
  67. accessControlLists:
  68. - name: admins
  69. matchUsergroups:
  70. - admins
  71. permissions:
  72. view: true
  73. exec: true
  74. actions:
  75. - title: Shutdown Reactor
  76. acls:
  77. - admins
  78. ----
  79. === Add an ACL to every action
  80. Sometimes you want to define an ACL that applies to all actions. It can be tedious and error prone to manually add the ACL under the "acls" list for every action, if you have several actions. Instead, there is a shortcut to add an ACL to all actions - `addToEveryAction: true`.
  81. [source,yaml]
  82. .`config.yaml`
  83. ```yaml
  84. accessControlLists:
  85. - name: admins
  86. matchUsergroups:
  87. - admins
  88. permissions:
  89. view: true
  90. exec: true
  91. addToEveryAction: true
  92. ```
  93. == ACL Matching - usernames and usergroups.
  94. You can match users based on their usergroup which is the most common, but it is also possible to match based on the user's username.
  95. [source,yaml]
  96. .`config.yaml`
  97. ```yaml
  98. accessControlLists:
  99. - name: admins
  100. matchUsergroups:
  101. - admins
  102. permissions:
  103. view: true
  104. exec: true
  105. - name: james
  106. matchUserNames:
  107. - james
  108. permissions:
  109. view: true
  110. exec: true
  111. ```
  112. == What's Next?
  113. Now that you understand ACLs, here's how to implement them:
  114. * xref:security/examples.adoc[View security examples] - See complete ACL configurations
  115. * xref:security/example_login_required.adoc[Example: Login required] - Configure login requirements
  116. * xref:security/example_some_admin_actions.adoc[Example: Admin-only actions] - Restrict actions to admins
  117. * xref:security/local.adoc[Set up local users] - Create users for ACL matching
  118. * xref:security/oauth2.adoc[Configure OAuth2] - Set up OAuth2 for user groups
  119. * xref:security/design_choices.adoc[Security design recommendations] - Learn best practices for ACL design