Access control

Access control in DevRev is a system that authorizes an actor to perform actions on different targets within the application. In this context, an actor is any entity that interacts with the app, such as an organization member, a customer, a system user, or a service account.

When an actor attempts to carry out an action, such as creating an issue, the access control system checks the actor's role to determine if the actor has the necessary privileges to perform the desired action.

Each role consists of two essential parts: caveats and privileges. Caveats represent specific conditions that must be met for the role to be applicable. Privileges outline the actions or operations that the actor is granted when those caveats are satisfied. If at least one role provides the necessary privilege, for example, the CREATE privilege, the actor is granted permission to proceed with the action, allowing them to create the issue.

The process of checking access is as follows:


  1. Fetch all the user's groups.
  2. Fetch the roles that the user's groups hold on the particular target, which in this case would be "Issue".
  3. The system evaluates the caveats of all the roles associated with the target. If at least one role provides the necessary privilege, say the "CREATE" privilege, the actor is granted permission to proceed with the action, allowing them to create the issue.
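
The three steps above as a small Python model. This is an added example, not DevRev's code: the group names, the `part` caveat field, and the data layout are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Assumption: a caveat is modeled as a predicate over the request context.
Caveat = Callable[[dict], bool]

@dataclass(frozen=True)
class Role:
    target: str              # object type the role applies to, e.g. "issue"
    privileges: frozenset    # actions granted when every caveat holds
    caveats: tuple = ()      # conditions; an empty tuple means "always applies"

# Constructed sample data (hypothetical groups and members).
GROUP_ROLES = {
    "engineering": [
        Role("issue", frozenset({"CREATE", "READ", "UPDATE"}),
             (lambda ctx: ctx.get("part") == "payments",)),
    ],
    "support": [Role("issue", frozenset({"READ"}))],
}
ACTOR_GROUPS = {"alice": ["engineering", "support"], "bob": ["support"]}

DENIED = "You are not authorized to perform this action"

def check_access(actor: str, action: str, target: str, ctx: dict):
    """Return (allowed, message) for actor performing action on target."""
    # Step 1: fetch all the actor's groups (unknown actors have none).
    groups = ACTOR_GROUPS.get(actor, [])
    # Step 2: fetch the roles those groups hold on this target type.
    roles = [r for g in groups for r in GROUP_ROLES.get(g, [])
             if r.target == target]
    # Step 3: a role counts only if all its caveats hold; one such role
    # carrying the requested privilege is enough to allow the action.
    for role in roles:
        if all(caveat(ctx) for caveat in role.caveats) and action in role.privileges:
            return True, None
    # No applicable role granted the privilege: deny by default.
    return False, DENIED
```

Because access is the union over roles, an unmet caveat on one role does not block a privilege that another applicable role grants, and an actor with no matching role is denied.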

If a user attempts an action they're not authorized to perform, they see a message which says "You are not authorized to perform this action". Relevant buttons may be inactive. Users can contact the organization's admins to enable access in that case.
