
shv access control

Fanda Vacek edited this page Nov 15, 2020 · 42 revisions

Shv access control

Access Grant find algorithm

  1. Each user has a list of roles that is defined and accessible to shvbroker. Each role has a property weight of type int.
  2. Each SHV method defines its accessLevel as a number > 0 or as a string that the node must be able to convert to an access level int, see method ShvNode::grantToAccessLevel(...). accessLevel == 0 means no access.
  3. When a client calls an RPC method, shvbroker checks the access list (ACL) for all of the user's roles, sorted by weight DESC.
  4. For each role in roles sorted by weight, greatest first:
    1. For each access-rule in the access-rules for the role, sorted by most specific rule first:
      1. if the request shvPath matches the access-rule
        1. then the grant of this role is assigned to the RPC request as the AccessGrant meta-value and it is sent to the client. It is up to the client implementation whether it checks the accessGrant or not.
        2. stop searching with success
  5. An 'Operation not permitted' RPC error is returned, because no shvPath match was found for any role of any weight.

Access rule

An access rule consists of:

  • path-pattern, which may have the form:
    1. shv-path
    2. shv-path/**
  • method-pattern, which may have the form:
    1. method-name
    2. empty string
  • access-grant, explained later in Access Grant

The following example access rules are sorted from most specific to least specific:

| path pattern | method pattern |
|--------------|----------------|
| foo/bar      | baz            |
| foo          | baz            |
| foo/bar/**   | baz            |
| foo/**       | baz            |
| **           | baz            |
| foo/bar      | (empty string) |
| foo          | (empty string) |
| foo/bar/**   | (empty string) |
| foo/**       | (empty string) |
| **           | (empty string) |
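
The lookup from "Access Grant find algorithm" combined with the rule ordering listed above, as an added example that is not code from shvbroker or libshv. The Rule and Role types, the sample ACL and the matching semantics (`foo/**` matches paths below `foo`, `**` matches any path, an empty method pattern matches any method) are assumptions.

```cpp
#include <algorithm>
#include <iostream>
#include <optional>
#include <string>
#include <tuple>
#include <vector>

// Hypothetical types for this sketch; they are not libshv's own classes.
struct Rule { std::string path, method, grant; };
struct Role { std::string name; int weight; std::vector<Rule> rules; };

static bool isWild(const std::string &p) { return p.size() >= 2 && p.compare(p.size() - 2, 2, "**") == 0; }
// Assumed semantics: "foo/**" matches paths below foo, "**" any path, empty method any method.
static bool matches(const Rule &r, const std::string &path, const std::string &method) {
    if (!r.method.empty() && r.method != method) return false;
    if (!isWild(r.path)) return r.path == path;
    return path.compare(0, r.path.size() - 2, r.path, 0, r.path.size() - 2) == 0;
}

// Sort key for the page's table: named method first, exact path before wildcard, longer first.
static auto key(const Rule &r) {
    return std::make_tuple(!r.method.empty(), !isWild(r.path), r.path.size());
}

// First match wins; nullopt stands for the 'Operation not permitted' RPC error.
std::optional<std::string> resolveGrant(std::vector<Role> roles, const std::string &path,
                                        const std::string &method) {
    std::stable_sort(roles.begin(), roles.end(),
                     [](const Role &a, const Role &b) { return a.weight > b.weight; });
    for (Role &role : roles) {
        std::stable_sort(role.rules.begin(), role.rules.end(),
                         [](const Rule &a, const Rule &b) { return key(a) > key(b); });
        for (const Rule &r : role.rules)
            if (matches(r, path, method)) return r.grant;
    }
    return std::nullopt;
}

// Constructed sample ACL: role names, paths and grant strings are made up.
std::vector<Role> sampleRoles() {
    return {{"guest", 10, {{"**", "", "browse"}}},
            {"operator", 50, {{"plant/**", "", "read"}, {"plant/**", "set", "command"},
                              {"plant/pump", "set", "write"}}},
            {"audit", 90, {{"plant/pump", "", "browse"}}}};
}
int main() {
    for (const char *p : {"plant/pump", "plant/valve", "other/x"})
        std::cout << p << ":set -> " << resolveGrant(sampleRoles(), p, "set").value_or("denied") << "\n";
}
```

With the sample ACL, `plant/pump:set` resolves to the `audit` role's grant rather than the `operator` role's more specific rule, because role weight is compared before rule specificity.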

Access Grant

An access grant is an RPC value in one of the following forms:

  • Int, then it is accessLevel.
  • String, then it is Role.
  • IMap, then it is AccessGrant, meta type AccessGrant is optional.
    • Possible fields: Type = 1, NotResolved, Role, AccessLevel, User, Password, LoginType

Access grants in client requests are removed by the broker for security reasons. Only the broker can set this field in an RpcRequest.

  • If a slave broker receives an RpcMessage
    • if the grant field IS SET, then the RpcMessage is forwarded downstream with the original grant unchanged. The request is authorized by the master broker.
    • if the grant field IS NOT SET, then the role masterBroker is used in access grant resolution using the access table. This is used mainly for service calls such as (un)subscribe propagation to slave brokers etc.
  • If a client receives an RpcMessage
    • The access grant from the RpcMessage is converted to an accessLevel by method ShvNode::grantToAccessLevel(...) in the client implementation.