Users Authorization¶
CASL ability actions¶
This is the list of the permissions methods available for datasets and all their endpoints.
Endpoint authorization¶
- UserLogin
- UserRead
- UserCreate
- UserUpdate
- UserPassword
- UserDelete
Instance authorization¶
- UserReadOwn
- UserReadAny
- UserCreateOwn
- UserCreateAny
- UserUpdateOwn
- UserUpdateAny
- UserPasswordOwn
- UserPasswordAny
- UserDeleteAny
Priority¶
UserLogin(E)
UserCreate(E)-->UserCreateOwn(I)-->UserCreateAny(I);
UserRead(E)-->UserReadOwn(I)-->UserReadAny(I);
UserUpdate(E)-->UserUpdateOwner(I)-->UserUpdateAny(I);
UserPassword(E)-->UserPasswordOwner(I)-->UserPasswordAny(I);
UserDelete(E)-->UserDeleteOwn(I)-->UserDeleteAny(I);
Authorization table¶
| HTTP method | Endpoint | Endpoint Authorization | Anonymous | Authenticated User | User Privileged Groups | Admin Groups | User Delete Groups |
|---|---|---|---|---|---|---|---|
| POST | Users/jwt | UserRead | no | Own UserReadOwn |
no | no | no |
| POST | Users/login | UserLogin | no | no | no | no | no |
| GET | Users/id | UserRead | no | Own UserReadOwn |
Any UserReadAny |
Any UserReadAny |
no |
| GET | Users/id/userIdentity | UserRead | no | Own UserReadOwn |
Any UserReadAny |
Any UserReadAny |
no |
| POST | Users/id/settings | UserCreate | no | Own UserCreateOwn |
Any UserCreateAny |
Any UserCreateAny |
no |
| GET | Users/id/settings | UserUpdate | no | Own UserReadOwn |
Any UserReadAny |
Any UserReadAny |
no |
| PUT | Users/id/settings | UserUpdate | no | Own UserUpdateOwn |
Any UserUpdateAny |
Any UserUpdateAny |
no |
| PATCH | Users/id/settings | UserUpdate | no | Own UserUpdateOwn |
Any UserUpdateAny |
Any UserUpdateAny |
no |
| PATCH | Users/id/password | UserPassword | no | Own UserPasswordOwn |
Any UserPasswordAny |
Any UserPasswordAny |
no |
| DELETE | Users/id | UserDelete | no | no | no | no | Any UserDeleteAny |
| DELETE | Users/id/settings | UserDelete | no | no | no | no | Any UserDeleteAny |
| GET | Users/id/authorization/dataset/create | UserRead | no | Own UserReadOwn |
Own UserReadOwn |
Any UserReadAny |
no |
| GET | Users/logout | UserLogout | no | Own UserLogoutOwn |
no | no | no |
| GET | useridentities/findOne | UserRead | no | Own UserReadOwn |
Any UserReadAny |
Any UserReadAny |
no |