Security

Role-based access control is a policy-neutral access-control mechanism defined around roles and privileges. RemixFast Business App provides an out-of-the-box implementation of RBAC (Role Based Access Control).

Model

The RemixFast RBAC implementation is made up of the following major parts:

RBAC

Right/Permission

A right or permission determines what a user can do. This can be a custom action or access to a model/data.

Role

A Role can represent an organizational role such as HR Manager, or an arbitrary one such as Department Admin.

Role Right

A role right is a unique combination of a role and a right, permitting the role's assignees to exercise the assigned right and carry out the actions it covers. In RemixFast, the role-right combination supports fine-grained access level control: it lets you control whether a user can Read, Create, Update and Delete. In addition, when building the app you can define a data filter to dynamically control which data the user has access to. This is useful for personalization; for instance, you can limit a user to seeing only the data they created, keyed on their user id.

User Role

Provides for the assignment of role(s) to a user. What a particular user can access, and which actions they can take, is determined by the role(s) assigned to the user and the resulting set of rights/permissions.

User

Application Users.

Defining Security

There are two main aspects of defining security with RemixFast RBAC.

Development time

At development time, you define the core set of roles and assign rights to those roles. RemixFast provides two categories of rights out of the box: every model as a right, and every workflow action as a right. You can fine-tune access control by using the Access Level to assign CRUD permissions to each right assignment. You can also define data filtering logic to limit access to data per role-right.

RemixFast provides a UI for building roles at development time and assigning them rights. You can easily check the behavior of a particular role by using the role selector in the Preview UI: check access to models and ensure the proper actions are allowed (or disallowed) based on the defined access level permissions.


Run time

At run time (in the generated codebase), every loader and action includes a pre-wired security check and also filters data based on the user's role, using auto-generated data filtering logic derived from the role-right definitions. All security checks are done preemptively, relying on a fast-exit pattern: the check runs first, and the request is rejected before any data is loaded or modified if the user lacks the required right.

In addition to protecting every loader and action, the generated codebase also has a pre-built Admin Panel/UI (with corresponding routes/views). The Admin Panel allows you to manage users, assign role(s) to users, define new custom roles as required, assign rights to roles, and change existing role-right definitions.

Note: The generated code base includes database seeding logic that seeds the right, role and roleright tables with pre-defined data, allowing you to start using the app right away!

Why Role-Right instead of just Role

Many developers start with a simple role-based system, checking whether the user has a specific role before a particular operation. While this is very easy to get started with, it leads to spaghetti code as more roles are introduced (every protected operation grows its own list of allowed roles) and the result is hard to maintain. A right-based system, on the other hand, is much easier to maintain and implement, because you protect a resource based on a single right. If the user has the right, they can access the resource. It does not matter how the user acquired the right; the code only has to ensure that the user holds the appropriate one. It does require more code to set up and manage a right-based system, but it is a lot easier in the long run!
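The following is an added example, not RemixFast's generated code, showing the right-based check described above together with the fast-exit loader pattern and per-role-right data filter from the Run time section. The role names, the "Employee" right and the row shape are constructed for illustration.

```typescript
// Added example (not RemixFast code): role-right model with CRUD access levels,
// an optional per-role-right data filter, and a fast-exit right check.
type Action = "read" | "create" | "update" | "delete";
type User = { id: number; roles: string[] };
type Row = { id: number; createdBy: number };

// One row of a constructed roleright table: which role holds which right,
// at which access level, and (optionally) a data filter for personalization.
type RoleRight = {
  role: string;
  right: string;
  access: Set<Action>;
  filter?: (user: User, row: Row) => boolean;
};

const roleRights: RoleRight[] = [
  // HR Manager: full CRUD on Employee, no data filter (sees every row).
  { role: "HR Manager", right: "Employee",
    access: new Set<Action>(["read", "create", "update", "delete"]) },
  // Department Admin: read/update only, and only rows they created themselves.
  { role: "Department Admin", right: "Employee",
    access: new Set<Action>(["read", "update"]),
    filter: (user, row) => row.createdBy === user.id },
];

// Effective role-rights for a user on a given right, across all assigned roles.
function heldRoleRights(user: User, right: string, action: Action): RoleRight[] {
  return roleRights.filter(rr =>
    rr.right === right && rr.access.has(action) &&
    user.roles.some(role => role === rr.role));
}

// The caller only asks "does the user hold this right at this access level?";
// it never needs to know which role granted it.
function hasRight(user: User, right: string, action: Action): boolean {
  return heldRoleRights(user, right, action).length > 0;
}

// Loader-style helper using the fast-exit pattern: reject before touching data.
// If any granting role-right has no filter the user sees all rows; otherwise a
// row is visible when at least one granting role-right's filter admits it.
function loadEmployees(user: User, rows: Row[]): Row[] {
  const held = heldRoleRights(user, "Employee", "read");
  if (held.length === 0) throw new Error("403: missing read on Employee");
  if (held.some(rr => !rr.filter)) return rows;
  return rows.filter(row => held.some(rr => rr.filter!(user, row)));
}
```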