User management and Access Control Lists (ACL)
Access control is a way of limiting access to a system or to physical or virtual resources. In computing, access control is a process by which users are granted access and certain privileges to systems, resources or information.
Access to resources in the system needs to be planned well between the entities, depending on account type, other identifying attributes, or group membership. An access control list (ACL) is a table that tells the CareBud App which access rights each user has to a particular system object, such as a file directory or individual file records. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program).
Access rules (Read, Write and Modify) between two or more users are defined using Role-Based Access Control (RBAC). RBAC is a method of restricting access based on the roles of individual users within the application. It gives Doctors, Patients and Relatives access rights only to the information they need to do their jobs and prevents them from accessing information that doesn't pertain to them.
A Doctor role in the application determines the permissions that individual is granted and ensures that D1 can access sensitive information or perform high-level tasks for Patient P1, which gives him the rights (R, W, M). Every user in the system is classified into one of three roles according to account type: Doctor, Patient or Relative. Access rights in the system are controlled by these roles, which protect patient accounts from being accessed by unwanted users. See the example table below.
| | Patient Details | Patient Health Status | Doctor Details | Relative Details | Patient General Reports |
|---|---|---|---|---|---|
| Patient | RWM | RWM | R | R | RWM |
| Doctor | R | R | RWM | R | RWM |
| Relative | R | R | | RWM | R |
The following key is used: R: Read, RW: Read and Write, RWM: Read, Write and Modify.
A doctor who has been authorized to access patients' files and change diagnoses can access them only after the system checks that they have the authority to do so. The same goes for relative (R1) accounts, which have full control over their own account information.
The table above is formatted as an access control document in JSON format, which the system checks every time an access right decision is made in the application. See the following example.
When a user tries to access another user's data, the application checks whether that user is authorized and grants access to the resources on that basis. In the application, when D1 performs a write operation to write some information or advice for P1, the application checks at that moment whether D1 is authorized to perform this operation on P1's data, and the access right is granted based on that check. The following diagram shows how the ACL check is performed in the application.
The same process is performed for other types of users: the application processes the request according to the user's access rights. See below for the case where Relative (R1) wants to access P1's account and perform a write operation.
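An added example (not CareBud's own code) of how the role table could be expressed as a JSON access control document and checked on every request, as the paragraphs above describe. The JSON layout, the resource keys, the `links` relationship data and the `is_allowed` function are assumptions; the page itself shows only the role table.

```python
import json

# ACL document built from the role table on this page. The page does not show
# its JSON, so this layout and the resource keys are assumptions. The Relative
# row has no value for doctor_details; an absent entry means no access.
ACL = json.loads("""
{
  "patient":  {"patient_details": "RWM", "patient_health_status": "RWM",
               "doctor_details": "R", "relative_details": "R",
               "patient_general_reports": "RWM"},
  "doctor":   {"patient_details": "R", "patient_health_status": "R",
               "doctor_details": "RWM", "relative_details": "R",
               "patient_general_reports": "RWM"},
  "relative": {"patient_details": "R", "patient_health_status": "R",
               "relative_details": "RWM", "patient_general_reports": "R"}
}
""")
OPS = {"read": "R", "write": "W", "modify": "M"}  # key from the page

# Constructed sample accounts. "links" (an assumption) lists the accounts whose
# records this user may be considered for at all, e.g. a doctor's patients.
USERS = {
    "P1": {"role": "patient", "links": {"D1", "R1"}},
    "D1": {"role": "doctor", "links": {"P1"}},
    "R1": {"role": "relative", "links": {"P1"}},
    "D2": {"role": "doctor", "links": set()},  # not assigned to P1
}

def is_allowed(user_id, operation, resource, owner_id):
    """Deny by default: grant only if the link and the role both permit it."""
    user = USERS.get(user_id)
    flag = OPS.get(operation)
    if user is None or flag is None:
        return False  # unknown account or unknown operation
    if owner_id != user_id and owner_id not in user["links"]:
        return False  # the role alone is not enough without a relationship
    return flag in ACL.get(user["role"], {}).get(resource, "")

if __name__ == "__main__":
    # D1 writes a report for P1, then R1 attempts the same write.
    print(is_allowed("D1", "write", "patient_general_reports", "P1"))
    print(is_allowed("R1", "write", "patient_general_reports", "P1"))
```

The relationship check runs before the role lookup, so a doctor who is not linked to P1 (D2 in the sample data) is refused even for operations the Doctor role permits.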