Problem statement:
...
We can use an identity-based policy. Identity-based IAM (Identity and Access Management) policies are attached to an IAM user, group, or role. These policies let you specify what that user, group, or role can do.
It will work as follows:
- Define Action: Define the set of actions that can be performed by a single user or by groups of users. In the Sunbird context, an action can be the logical name of an API endpoint.
- Define Group: Divide Sunbird users into logical groups, based on the users' actions and permissions.
- Add Action into Group: Add a list of actions to a group. The system will then allow that group to perform the associated set of actions.
- Add Groups inside roles: A list of groups can be added to a particular role.
- Add roles into user: A list of roles will be added to the user profile.
Example:
{
"Groups": [{
"gid": "groupId",
"name": "name of the group",
"description": "group description",
...
POST
URL: /v1/verify/access
Request body:
{
  userId: string
  url: string
  userAuthToken: string
}
Response:
HTTP status code: 200, 401
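The following is an added example, not Sunbird code: a deny-by-default sketch of how a /v1/verify/access request could be resolved through the user, role, group and action chain described above. All ids, names, URLs, the URL-to-action map and the token lookup table are constructed assumptions.

```python
# Constructed sample policy data; every id, name and URL here is illustrative.
ACTION_BY_URL = {            # logical action name for each API endpoint
    "/v1/course/create": "createCourse",
    "/v1/course/read": "readCourse",
}
GROUPS = {                   # group id -> actions the group may perform
    "content-authors": {"createCourse", "readCourse"},
    "learners": {"readCourse"},
}
ROLES = {                    # role -> groups added to that role
    "author-role": ["content-authors"],
    "learner-role": ["learners"],
}
USER_ROLES = {               # roles stored in the user profile
    "user-1": ["author-role"],
    "user-2": ["learner-role", "retired-role"],  # second role no longer exists
}
# Stand-in for real token validation: token -> user id it was issued to.
TOKEN_SUBJECT = {"token-1": "user-1", "token-2": "user-2"}


def allowed_actions(user_id):
    """Union of actions reachable through the user's roles and their groups."""
    actions = set()
    for role in USER_ROLES.get(user_id, []):
        for gid in ROLES.get(role, []):          # unknown role grants nothing
            actions |= GROUPS.get(gid, set())    # unknown group grants nothing
    return actions


def verify_access(request):
    """Return the HTTP status (200 or 401) for a /v1/verify/access body."""
    user_id = request.get("userId")
    # The token must be valid and issued to the user named in the request;
    # otherwise one user's token could be paired with another user's id.
    if not user_id or TOKEN_SUBJECT.get(request.get("userAuthToken")) != user_id:
        return 401
    action = ACTION_BY_URL.get(request.get("url"))
    if action is None:                           # unmapped endpoint: deny
        return 401
    return 200 if action in allowed_actions(user_id) else 401
```

Binding userId to the token's subject and denying unmapped URLs keeps a stale role or a newly added endpoint from granting access by accident.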
Resource categories:
In Sunbird, resources can be divided into the following three buckets.
| Category | Access requirement |
|---|---|
| Public | Resources that can be accessed publicly, using the API access key |
| Protected | Access requires the API access key as well as the x-authenticated-user-token of any valid user |
| Private | Access requires the API access key as well as the x-authenticated-user-token of the caller |