Access Control Services
Configure role based user access and map actions to roles
Overview
DIGIT is an API-based platform where each API denotes a DIGIT resource. The primary job of Access Control Service (ACS) is to authorise end-user based on their roles and provide access to the DIGIT platform resources. Access control functionality is essentially based on below points:
Actions: Actions are events which are performed by a user. This can be an API end-point or front-end event. This is the MDMS master.
Roles: Roles are assigned to users. A single user can hold multiple roles. Roles are defined in MDMS masters.
Role-Action: Role actions are mapped between Actions and Roles. Based on roles, the action mapping access control service identifies applicable actions for the role.
Pre-requisites
Before you proceed with the configuration, make sure the following pre-requisites are met -
Java 8
MDMS service is up and running
Key Functionalities
Serve the applicable actions for a user based on user roles (To print menu three).
On each action performed by a user, access control looks at the roles for the user and validates actions mapping with the role.
Support tenant-level role action - For instance, an employee from Amritsar can have the role of APPROVER for other ULBs like Jalandhar and hence will be authorised to act as APPROVER in Jalandhar.
Deployment Details
Deploy the latest version of the Access Control Service
Deploy MDMS service to fetch the Role Action Mappings
Configuration Details
Define the roles:
Add the actions (URL)
Add the role action mapping
The details about the fields in the configuration can be found in the Swagger contract
Integration Details
Integration Scope
Any microservice which requires authorisation can leverage the functionalities provided by the access control service.
Integration Benefits
Any new microservice that is to be added to the platform will not have to worry about authorisation. It can just add its role action mapping in the master data and the Access Control Service will perform authorisation whenever the API for the microservice is called.
Integration Steps
To integrate with Access Control Service the role action mapping has to be configured (added) in the MDMS service.
The service needs to call /actions/_authorize API of Access Control Service to check for authorisation of any request.
Interaction Diagram
Reference Docs
Doc Links
API List
/actions/_authorize
[LINK TO BE UPDATED]
Last updated