manage.get.gov/docs/architecture/decisions/0019-role-based-access-control.md
Neil Martinsen-Burrell 23eb9d448b
Add RBAC ADR
Signed-off-by: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
2023-03-17 15:04:13 -05:00

19. Role-based Access Control

Date: 2023-03-17

Status

Approved

Context

In the registrar application, a single user might be associated with many domains, and they might have different levels of access to view or change those domains.

Decision

To use a role-based access control system where we have a model of different roles and an association that links a user to a specific domain with a specified role. Each role would have some associated permissions in the application, and we can enforce those permissions by using decorators on our Django views.
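As an added illustration of this decision (not code from the manage.get.gov repository), the following dependency-free Python sketch stands in for the Django pieces the ADR names: a set of roles, a per-(user, domain) association that carries a role, a role-to-permission mapping, and a view decorator that denies access unless the requesting user holds the required permission on that specific domain. The model, role, permission and decorator names are hypothetical, as is the sample grant data.

```python
"""Per-domain RBAC sketch. All names here (Role, Permission, AccessControl,
Request, domain_detail, domain_edit) are hypothetical stand-ins, not the
registrar's own models or views."""
from dataclasses import dataclass, field
from enum import Enum
from functools import wraps


class Permission(Enum):
    VIEW_DOMAIN = "view_domain"
    EDIT_DOMAIN = "edit_domain"


class Role(Enum):
    VIEWER = "viewer"
    MANAGER = "manager"


# Each role carries a fixed set of permissions (hypothetical assignment).
ROLE_PERMISSIONS = {
    Role.VIEWER: frozenset({Permission.VIEW_DOMAIN}),
    Role.MANAGER: frozenset({Permission.VIEW_DOMAIN, Permission.EDIT_DOMAIN}),
}


@dataclass(frozen=True)
class Request:
    """Minimal stand-in for a Django HttpRequest; only the user id is needed."""
    user: str


class PermissionDenied(Exception):
    """Raised by the decorator when the check fails (Django has its own)."""


@dataclass
class AccessControl:
    """The association table: (user, domain) -> role. One row per domain,
    mirroring the ADR's point that a role is granted per domain, not per org."""
    grants: dict = field(default_factory=dict)

    def grant(self, user: str, domain: str, role: Role) -> None:
        self.grants[(user, domain)] = role

    def has_permission(self, user: str, domain: str, perm: Permission) -> bool:
        role = self.grants.get((user, domain))
        if role is None:
            return False  # no association for this domain -> default deny
        return perm in ROLE_PERMISSIONS[role]

    def required(self, perm: Permission):
        """View decorator: for a view taking (request, domain), enforce `perm`
        for the request's user on that domain before running the view body."""
        def decorator(view):
            @wraps(view)
            def wrapper(request: Request, domain: str, *args, **kwargs):
                if not self.has_permission(request.user, domain, perm):
                    raise PermissionDenied(
                        f"{request.user} lacks {perm.value} on {domain}")
                return view(request, domain, *args, **kwargs)
            return wrapper
        return decorator


acl = AccessControl()


@acl.required(Permission.VIEW_DOMAIN)
def domain_detail(request: Request, domain: str) -> str:
    return f"details for {domain}"


@acl.required(Permission.EDIT_DOMAIN)
def domain_edit(request: Request, domain: str) -> str:
    return f"edited {domain}"


def demo() -> dict:
    """Constructed scenario: alice manages example.gov, can only view
    other.gov, and has no grant at all on third.gov. Returns, per call,
    whether the decorated view ran."""
    acl.grants.clear()
    acl.grant("alice", "example.gov", Role.MANAGER)
    acl.grant("alice", "other.gov", Role.VIEWER)
    results = {}
    for name, view, domain in [
        ("edit_example", domain_edit, "example.gov"),
        ("edit_other", domain_edit, "other.gov"),
        ("view_other", domain_detail, "other.gov"),
        ("view_third", domain_detail, "third.gov"),
    ]:
        try:
            view(Request("alice"), domain)
            results[name] = True
        except PermissionDenied:
            results[name] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The check is keyed on the (user, domain) pair rather than on the user alone, so a manager role on one domain confers nothing on any other domain; the absence of a row is treated as a denial, which is the safe default for a registrar.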

Consequences

There is no enterprise model here of users belonging to an “organization” with a role on all of its associated domain names. Instead, the association is per-domain and a user would have to be granted the role on each domain individually. There is also no process designed yet for how and whether users can grant other users roles on a domain.