Add RBAC ADR

Signed-off-by: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Neil Martinsen-Burrell 2023-03-17 13:47:25 -05:00
parent 78500ef74c
commit 23eb9d448b
No known key found for this signature in database
GPG key ID: 6A3C818CC10D0184

@ -0,0 +1,29 @@
# 19. Role-based Access Control
Date: 2023-03-17
## Status
Approved
## Context
In the registrar application, a single user might be associated with many
domains, and they might have different levels of access to view or change
those domains.
## Decision
To use a role-based access control system where we have a model of different
roles and an association that links a user to a specific role with a specified
role. Each role would have some associated permissions in the application and
we can enforce those permissions by using decorators on our Django views.
## Consequences
There is no enterprise model here of users belonging to an “organization” with
a role on all of its associated domain names. Instead, the association is
per-domain and a user would have to be granted the role on each domain
individually. There is also no process designed yet for how and whether users
can grant other users roles on a domain.
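
Review bot: In the Decision section, "an association that links a user to a specific role with a specified role" looks like a slip. The Context and Consequences sections both describe access as per-domain, so this should probably read "links a user to a specific domain with a specified role". Two further points for the same section: it names neither the roles nor the permissions each role carries, and it places enforcement entirely in decorators on Django views, so it is worth stating what a view without a decorator allows, since a forgotten decorator would otherwise go unchecked. The Consequences section leaves open "how and whether users can grant other users roles on a domain"; until that process exists, the ADR should say who is able to create the user-role association, because that is the point where privileges are assigned.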