Role Based Access Control System
Basic role based access control (authorization) system.
- Given a user, action type and resource system should be able to tell whether the user has access or not.
- System should be able to assign a role to user and remove a user from the role.
- Access to resources for users are controlled strictly by the role.
- One user can have multiple roles.
Design is kept simple, modular and extensible.
There are three modules:
- Command line interface: The module responsible for interaction with the end-user. Currently it is basic command line interface, but later it can be changed/replaced without affecting other modules. For example: it can be replaced by REST API.
- Authorization System: This module contains the logic to determine if the user is authorized for certain action on the resource.
- Data Access Object: This module is responsible for interacting with the storage and provide the data to the application. Currently it reads from csv file, and keeps the data in memory. It can easily be replaced with another DAO which interacts with Database.
Data is represented as Entities and relationships.
- User: All the information about the user.
- Role: All the information about the role.
- Resource: All the information about the resource.
- User Role Relation: The Many-to-many relationship between users and roles.
- Role Resource Relation: The Many-to-Many relationship between roles and resources.
Implementation is done in python3.6. No external library is used.
####Files
This file represents Command line interface module. It interacts directly with authorization module, but not with data access module. The function start contains the loop to receive and execute the command.
This file represents Authorization system module. It interacts directly with data access module. It provides functions: is_authorized, add_role_to_user and remove_user_from_role.
This file represents Data Access Object module. It interacts with storage(csv files) to provide data access to other modules.
This file contains the definition of entities and relationships.
This file stitch together all the module into an application.
This file contains definition of commonly occurring exceptions.
The system can be started using command
python main.py
The program load the data from data directory and provides a command prompt for basic functionality.
help: To know about available commands.users: To see all users.roles: To see all roles.resources: To see all resources.assign <user_id> <role_id>: To assign a user to a role.remove <user_id> <role_id>: To remove a user from a role. exit: To exit from command prompt.