mirror of
https://github.com/cisagov/manage.get.gov.git
synced 2025-05-14 16:47:02 +02:00
29 lines
935 B
Markdown
# 19. Role-based Access Control

Date: 2023-03-17

## Status

Approved

## Context

In the registrar application, a single user might be associated with many
domains, and they might have different levels of access to view or change
those domains.

## Decision

We will use a role-based access control system with a model of different
roles and an association that links a user to a specific domain with a specified
role. Each role would have some associated permissions in the application, and
we can enforce those permissions by using decorators on our Django views.
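
A framework-free Python sketch of this decision, added here as an illustration and not taken from the project's code: a per-domain role association, a role-to-permission map, and a view decorator that denies by default. The role names, permission strings, `UserDomainRole`, `require_domain_permission`, the `Request` stand-in and the sample data are all assumptions; in Django the exception would be `django.core.exceptions.PermissionDenied`.

```python
from collections import namedtuple
from functools import wraps

# Hypothetical role names and permission strings, chosen for illustration.
ROLE_PERMISSIONS = {
    "manager": {"view_domain", "edit_domain"},
    "viewer": {"view_domain"},
}

# Association row: one user holds one role on one domain.
UserDomainRole = namedtuple("UserDomainRole", "username domain role")
# Minimal stand-in for a Django request carrying the authenticated user.
Request = namedtuple("Request", "username")

# Constructed sample data standing in for the association table.
ASSOCIATIONS = {
    UserDomainRole("alice", "one.example", "manager"),
    UserDomainRole("alice", "two.example", "viewer"),
}


class PermissionDenied(Exception):
    """Stand-in for django.core.exceptions.PermissionDenied."""


def permissions_for(username, domain):
    """Union of permissions from every role the user holds on this domain."""
    perms = set()
    for row in ASSOCIATIONS:
        if row.username == username and row.domain == domain:
            # An unknown role name grants nothing (fail closed).
            perms |= ROLE_PERMISSIONS.get(row.role, set())
    return perms


def require_domain_permission(permission):
    """Decorator: deny unless the user holds `permission` on the requested domain."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, domain, *args, **kwargs):
            if permission not in permissions_for(request.username, domain):
                raise PermissionDenied(f"{permission} denied on {domain}")
            return view(request, domain, *args, **kwargs)
        return wrapper
    return decorator


@require_domain_permission("edit_domain")
def edit_domain(request, domain):
    return f"{request.username} edited {domain}"
```

Because the lookup is keyed on both user and domain, a manager role on one domain grants nothing on another, and a user with no association row is denied.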

## Consequences

There is no enterprise model here of users belonging to an “organization” with
a role on all of its associated domain names. Instead, the association is
per-domain and a user would have to be granted the role on each domain
individually. There is also no process designed yet for how and whether users
can grant other users roles on a domain.