dohertj2/scadalink-design
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
57eae0c1db324e7f82a7321944d206f4d4b14532
scadalink-design/Component-Security.md
Joseph Doherty 1944f94fed Initial design docs from claude.ai refinement sessions
2026-03-16 07:39:26 -04:00

97 lines
4.2 KiB
Markdown
Raw Blame History

# Component: Security & Auth
## Purpose
The Security & Auth component handles user authentication via LDAP/Active Directory and enforces role-based authorization across the system. It maps LDAP group memberships to system roles and applies permission checks to all operations.
## Location
Central cluster. Sites do not have user-facing interfaces and do not perform independent authentication.
## Responsibilities
- Authenticate users against LDAP/Active Directory using Windows Integrated Authentication.
- Map LDAP group memberships to system roles.
- Enforce role-based access control on all API and UI operations.
- Support site-scoped permissions for the Deployment role.
## Authentication
- **Mechanism**: Windows Integrated Authentication (Kerberos/NTLM) against Active Directory.
- **Session**: Authenticated user identity is maintained for the duration of the UI session.
- **No local user store**: All identity and group information comes from AD.
## Roles
### Admin
- **Scope**: System-wide (always).
- **Permissions**:
- Manage site definitions.
- Manage site-level data connections (define and assign to sites).
- Manage area definitions per site.
- Manage LDAP group-to-role mappings.
- Manage API keys (create, enable/disable, delete).
- System-level configuration.
- View audit logs.
### Design
- **Scope**: System-wide (always).
- **Permissions**:
- Create, edit, delete templates (including attributes, alarms, scripts).
- Manage shared scripts.
- Manage external system definitions.
- Manage database connection definitions.
- Manage notification lists and SMTP configuration.
- Manage inbound API method definitions.
- Run on-demand validation (template flattening, script compilation).
### Deployment
- **Scope**: System-wide or site-scoped.
- **Permissions**:
- Create and manage instances (overrides, connection bindings, area assignment).
- Disable, enable, and delete instances.
- Deploy configurations to instances.
- Deploy system-wide artifacts (shared scripts, external system definitions, DB connections, notification lists) to all sites.
- View deployment diffs and status.
- Use debug view.
- Manage parked messages.
- View site event logs.
- **Site scoping**: A user with site-scoped Deployment role can only perform these actions for instances at their permitted sites.
## Multi-Role Support
- A user can hold **multiple roles simultaneously** by being a member of multiple LDAP groups.
- Roles are **independent** — there is no implied hierarchy between roles.
- For example, a user who is a member of both `SCADA-Designers` and `SCADA-Deploy-All` holds both the Design and Deployment roles, allowing them to author templates and also deploy configurations.
## LDAP Group Mapping
- System administrators configure mappings between LDAP groups and roles.
- Examples:
- `SCADA-Admins` → Admin role
- `SCADA-Designers` → Design role
- `SCADA-Deploy-All` → Deployment role (all sites)
- `SCADA-Deploy-SiteA` → Deployment role (Site A only)
- `SCADA-Deploy-SiteB` → Deployment role (Site B only)
- A user can be a member of multiple groups, granting multiple independent roles.
- Group mappings are stored in the configuration database and managed via the Central UI (Admin role).
## Permission Enforcement
- Every API endpoint and UI action checks the authenticated user's roles before proceeding.
- Site-scoped checks additionally verify the target site is within the user's permitted sites.
- Unauthorized actions return an appropriate error and are not logged as audit events (only successful changes are audited).
## Dependencies
- **Active Directory / LDAP**: Source of user identity and group memberships.
- **Configuration Database (MS SQL)**: Stores LDAP group-to-role mappings and site scoping rules.
- **Configuration Database (via IAuditService)**: Security/admin changes (role mapping updates) are audit logged.
## Interactions
- **Central UI**: All UI requests pass through authentication and authorization.
- **Template Engine**: Design role enforcement.
- **Deployment Manager**: Deployment role enforcement with site scoping.
- **All central components**: Role checks are a cross-cutting concern applied at the API layer.
Reference in New Issue View Git Blame Copy Permalink