RaisinDB Access Control

The ACL Model

RaisinDB uses content-driven security. Permissions are not code -- they are regular content nodes stored in the built-in raisin:access_control workspace. Users, roles, and groups are all nodes with the types raisin:User, raisin:Role, and raisin:Group. Because they are content, you can query them with SQL, ship them in packages, and version them like any other data.

The workspace layout:

raisin:access_control/
├── config/
│   └── default                    # raisin:SecurityConfig -- global security settings
├── users/
│   ├── system/
│   │   └── anonymous              # raisin:User -- unauthenticated requests
│   └── internal/                  # System-managed users
├── roles/
│   ├── system_admin               # Full access to everything
│   ├── anonymous                  # Read-only access to public workspaces

raisindb-access-control

RaisinDB Access Control

The ACL Model

More from maravilla-labs/raisindb

raisindb-sql

raisindb-auth

raisindb-translations

raisindb-file-uploads

raisindb-frontend-react

raisindb-overview