Use case: Role-Based Access Control (RBAC) Workflow
Goal: The user wants to access the Customer Application/Service with appropriate authorization levels, based on their assigned roles and attributes.
Actors:
User (End User of the Customer Application/Service)
Main Flow:
- The user accesses the Sign-In User Interface (UI) of the Customer Application/Service.
- The user enters their credentials (username and password) and submits the form.
- The Customer Application validates the user's credentials.
- Upon successful validation, the Customer Application generates a request to Cripsa Inc's APIs for authentication.
- Cripsa Inc's APIs receive the authentication request and verify the user's attributes and roles.
- Cripsa Inc generates a unique code as a secure token.
- The Customer Application receives the generated code.
Alternate Flows:
- If user credentials are invalid:
- The Customer Application informs the user of the invalid credentials and prompts them to retry.
Preconditions:
- The user must have a valid account in the Customer Application.
- The user's account must be assigned appropriate roles and attributes.
Postconditions:
- The user gains access to the Customer Application/Service with the authorized levels of access based on their assigned roles and attributes.
Exceptions:
- Network connection errors between the user's device, the Customer Application, and Cripsa Inc's APIs.
- Cripsa Inc's APIs encounter technical issues and are temporarily unavailable.
- The user's roles and attributes are not properly configured, leading to incorrect access authorization.
Trigger:
- The user initiates the process by attempting to log in to the Customer Application/Service.
- This use case outlines the interaction between the user and the RBAC system during the process of accessing the Customer Application/Service. The RBAC system, facilitated by Cripsa Inc's APIs, ensures that the user's access is granted based on their roles and attributes, promoting secure and controlled access to the application's features and resources.
- Using the project details obtained from the project creation step, DevTech Solutions' development team designs and develops a user-friendly Sign-In User Interface (UI) for end users to log in to the application.
Role Design:
-
DevTech Solutions defines the necessary roles for their application based on the guidelines provided by Cripsa Inc's role design section. Roles like "AdminRole," "DeveloperRole," and "CustomerSupportRole" are established.
User Attribute Setup:
- The development team creates user accounts and configures their attributes using the "UpdateUserAttribute" API endpoint. Attributes such as roles, actions, groups, and custom attributes are included in the API request to reflect user responsibilities accurately.
User Authentication:
- End users access the Sign-In UI developed in the previous step to log in to the application using their credentials.
Code Generation:
- Upon successful authentication, Cripsa Inc generates a unique code that serves as a secure token to be used for further API interactions.
Token Retrieval:
- The application calls the "gettokenfromcode" API endpoint provided by Cripsa Inc, passing the generated code to request tokens like Access Token and Refresh Token.
Token Provision:
- Cripsa Inc provides the requested tokens (Access Token and Refresh Token) to the application, ensuring secure and authenticated access.
User Attribute Retrieval:
- The application queries the "userinfofromtoken" API endpoint to receive a detailed JSON-format user attribute package.
Attribute Interpretation:
- Cripsa Inc delivers the JSON-format user attribute package containing roles, actions, groups, and custom attributes for the authenticated user.
Attribute-Based Logic:
- DevTech Solutions' development team extracts relevant attributes from the received JSON data. They implement logical mechanisms within the application to grant appropriate access to users based on their attributes.
Access Authorization:
- With the applied attribute-based logic and access control mechanisms, end users are granted access to the application with authorization levels aligned with their defined roles and permissions.