Scoped Owner Based Access Control

Key points

User logic

Example use cases

Ownership transfer

  1. Create user A
  2. Grant A all possible scopes
  3. Add user A as an owner of every entity you own
  4. Remove yourself as owner from those entities (only after step 3, so no entity is ever left without an owner)

Delegating permissions

  1. Create user A
  2. Grant user A the scopes prefix/A/any/files and prefix/A/any/directories (do anything with files and directories owned by A)
  3. User A creates user B
  4. User A grants B the scope owners/A/write/files
  5. User A can create/read/write files and directories it owns; user B can only edit (write) files owned by user A, nothing else

User groups

Via scopes
  1. Create user A
  2. Create user B
  3. Create user G
  4. Grant both A and B the scope prefix/G/any/any
  5. A and B can now act on entities owned by G, and create new entities owned by G
  6. Revoke that scope from A to remove A from the group
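The three procedures above (ownership transfer, delegation and groups via scopes) all rest on one check: does the actor hold a scope whose owner segment names one of the entity's owners, with the action and entity type either matching or set to any. The following is an added example, not the project's own code, that models that check and walks through each procedure. It assumes a scope is the four-segment string namespace/owner/action/entity-type, that the namespaces prefix and owners seen on this page are equivalent, that rights come only from scopes (so an owner needs a scope naming itself), that only a current owner may change an entity's owner set, and that a user may delegate only scopes it already holds; the last two rules are not stated on the page and are added so that delegation cannot be used for privilege escalation.

```python
"""Added example (not the project's code) modelling the scope scheme on this page.
Assumptions: scope = <namespace>/<owner>/<action>/<entity-type>; "any" is a wildcard
in the action and entity-type segments only; rights come solely from scopes; only a
current owner may change an owner set; a grantor may delegate only what it holds."""
from dataclasses import dataclass

WILDCARD = "any"


@dataclass(frozen=True)
class Scope:
    namespace: str    # "prefix" or "owners" on the page; stored, not interpreted
    owner: str
    action: str
    entity_type: str

    @classmethod
    def parse(cls, text):
        parts = text.split("/")
        if len(parts) != 4 or not all(parts):
            raise ValueError(f"malformed scope {text!r}")
        return cls(*parts)

    def covers(self, needed):
        # Owner must match exactly: the page never wildcards the owner segment.
        return (self.owner == needed.owner
                and self.action in (WILDCARD, needed.action)
                and self.entity_type in (WILDCARD, needed.entity_type))


@dataclass
class Entity:
    entity_type: str
    owners: set   # several owners at once, as the transfer procedure requires


class AccessControl:
    def __init__(self):
        self.scopes = {}    # user -> set of Scope
        self.entities = {}  # name -> Entity

    def create_user(self, user):
        self.scopes.setdefault(user, set())

    def _holds(self, user, needed):
        return any(s.covers(needed) for s in self.scopes.get(user, ()))

    def grant_by_admin(self, user, scope):
        """Unchecked grant, as in the setup steps of each procedure."""
        self.scopes[user].add(Scope.parse(scope))

    def grant(self, grantor, grantee, scope):
        """Delegation (assumed rule): grantor must already cover the scope,
        otherwise B could simply hand itself owners/A/any/any."""
        wanted = Scope.parse(scope)
        if not self._holds(grantor, wanted):
            raise PermissionError(f"{grantor} cannot delegate {scope}")
        self.scopes[grantee].add(wanted)

    def revoke(self, user, scope):
        self.scopes[user].discard(Scope.parse(scope))

    def can_create(self, user, entity_type, owner):
        return self._holds(user, Scope("prefix", owner, "create", entity_type))

    def create_entity(self, user, name, entity_type, owner):
        if not self.can_create(user, entity_type, owner):
            raise PermissionError(f"{user} cannot create {entity_type} owned by {owner}")
        self.entities[name] = Entity(entity_type, {owner})

    def can(self, user, action, name):
        e = self.entities[name]
        return any(self._holds(user, Scope("prefix", o, action, e.entity_type))
                   for o in e.owners)

    def add_owner(self, actor, name, new_owner):
        e = self.entities[name]
        if actor not in e.owners:   # assumed rule: only a current owner edits owners
            raise PermissionError(f"{actor} does not own {name}")
        e.owners.add(new_owner)

    def remove_owner(self, actor, name, owner):
        e = self.entities[name]
        if actor not in e.owners:
            raise PermissionError(f"{actor} does not own {name}")
        if e.owners == {owner}:     # refuse to orphan the entity (transfer step 3 before 4)
            raise ValueError(f"{name} would be left without an owner")
        e.owners.discard(owner)


def transfer_scenario():
    ac = AccessControl()
    ac.create_user("old")
    ac.grant_by_admin("old", "prefix/old/any/any")
    ac.create_entity("old", "ledger", "files", "old")
    ac.create_user("A")                            # step 1
    ac.grant_by_admin("A", "prefix/A/any/any")     # step 2: every scope over A-owned entities
    try:
        ac.remove_owner("old", "ledger", "old")    # steps done in the wrong order
        orphan_refused = False
    except ValueError:
        orphan_refused = True
    ac.add_owner("old", "ledger", "A")             # step 3
    ac.remove_owner("old", "ledger", "old")        # step 4
    return {"orphan_refused": orphan_refused,
            "A_can_write": ac.can("A", "write", "ledger"),
            "old_can_write": ac.can("old", "write", "ledger")}


def delegation_scenario():
    ac = AccessControl()
    ac.create_user("A")
    ac.grant_by_admin("A", "prefix/A/any/files")
    ac.grant_by_admin("A", "prefix/A/any/directories")
    ac.create_user("B")                            # created by A
    ac.grant("A", "B", "owners/A/write/files")
    ac.create_entity("A", "notes.txt", "files", "A")
    ac.create_entity("A", "docs", "directories", "A")
    try:
        ac.grant("B", "B", "owners/A/any/any")     # B tries to escalate
        escalated = True
    except PermissionError:
        escalated = False
    return {"A_writes_dir": ac.can("A", "write", "docs"),
            "B_writes_file": ac.can("B", "write", "notes.txt"),
            "B_reads_file": ac.can("B", "read", "notes.txt"),
            "B_writes_dir": ac.can("B", "write", "docs"),
            "B_creates_file": ac.can_create("B", "files", "A"),
            "B_escalated": escalated}


def group_scenario():
    ac = AccessControl()
    for u in ("A", "B", "G"):
        ac.create_user(u)
    ac.grant_by_admin("A", "prefix/G/any/any")
    ac.grant_by_admin("B", "prefix/G/any/any")
    ac.create_entity("A", "shared.txt", "files", "G")   # A creates on behalf of G
    before = (ac.can("A", "write", "shared.txt"), ac.can("B", "write", "shared.txt"))
    ac.revoke("A", "prefix/G/any/any")                  # step 6: A leaves the group
    after = (ac.can("A", "write", "shared.txt"), ac.can("B", "write", "shared.txt"))
    return before, after


if __name__ == "__main__":
    print(transfer_scenario(), delegation_scenario(), group_scenario())
```

Two points the scenarios make explicit: B's `owners/A/write/files` covers only the write action on A's files, so reads, directory access and creation all fail closed; and the delegation check in `grant` is what keeps a user from widening its own access, a bound any real deployment of this scheme needs to state.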