Auth for Organization

Overview

There are two components that meet the requirements from the data team for the organization authentication service.

flowchart LR
  subgraph auth[Auth Service]
    direction LR
    internal["[1] Internal Auth"]
    external["[2] External Auth"]
  end
  subgraph feature[Feature]
    direction TB
    rule[Rule Selection]
    role[Role]
    perm[Permission]
    resource[Internal and Public]
    rule --- role --- perm --- resource
  end
  auth --- feature

For the [1] Internal Auth:

Related to (a) Infrastructure of Data Platform (b) Internal User

Example Use-case:

Note

  • Authentication for access to the operation website, using accounts in the @innotech.vn domain

  • Mapping roles/permissions to row-level records or table level (on specific routes)

  • Mapping to the related database operations (mostly through API permissions), such as: (a) INSERT (b) UPDATE (c) CHANGE POLICY

For the [2] External Auth:

Related to (a) Public clients (organization/individual) (b) Centralized portal for clients

Example Use-case:

Note

(a) Access to resources based on requests

(b) Rate limit (optional) ~> This can be set up with a third-party service like Redis

(c) Middleware (Authentication + Authorization) ~> Access based on the application

The model for this design:

flowchart LR
  client[Client] -- granted by issuer --> account[Account] -- get API key --> Request
  Request -- "with authentication header: Bearer API_KEY" --> api[API]

(d) Control access based on IP
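The external-auth flow above (Bearer API key in the request header, middleware doing authentication plus authorization, an optional rate limit, and IP-based control) as one added example; this is illustrative code written for this page, not the Data Team's service. The accounts, roles, routes and CIDR ranges are constructed sample data, keys are stored only as SHA-256 digests, and an in-memory dict stands in for the Redis counter:

```python
import hashlib
import hmac
import ipaddress
import time

# Constructed sample data (not from the design doc). Keys are stored only as
# SHA-256 digests; each account has a role and an optional source-IP allowlist.
ROLE_PERMISSIONS = {"reader": {"SELECT"}, "editor": {"SELECT", "INSERT", "UPDATE"},
                    "admin": {"SELECT", "INSERT", "UPDATE", "CHANGE POLICY"}}
ROUTE_PERMISSION = {("GET", "/records"): "SELECT", ("POST", "/records"): "INSERT",
                    ("PUT", "/policy"): "CHANGE POLICY"}
ACCOUNTS = {
    hashlib.sha256(b"demo-key-editor").hexdigest(): {"account": "acme-org", "role": "editor", "allow_cidrs": ["203.0.113.0/24"]},
    hashlib.sha256(b"demo-key-reader").hexdigest(): {"account": "solo-user", "role": "reader", "allow_cidrs": []},
}
RATE_LIMIT, WINDOW_SECONDS = 5, 60
_buckets = {}  # account -> (window_start, count); Redis would hold this in production


def _lookup_account(api_key):
    digest = hashlib.sha256(api_key.encode()).hexdigest()
    for stored, acct in ACCOUNTS.items():
        if hmac.compare_digest(stored, digest):  # constant-time comparison
            return acct
    return None


def check_request(headers, client_ip, method, route, now=None):
    """Authenticate the Bearer key, then enforce IP allowlist, rate limit and
    role permission for the route. Returns (allowed, reason)."""
    scheme, _, key = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not key:
        return False, "missing or malformed Bearer credentials"
    acct = _lookup_account(key)
    if acct is None:
        return False, "unknown API key"
    ip = ipaddress.ip_address(client_ip)
    if acct["allow_cidrs"] and not any(ip in ipaddress.ip_network(c) for c in acct["allow_cidrs"]):
        return False, "source IP not allowed for this account"
    now = time.time() if now is None else now
    start, count = _buckets.get(acct["account"], (now, 0))
    if now - start >= WINDOW_SECONDS:  # fixed window: reset once it has expired
        start, count = now, 0
    if count >= RATE_LIMIT:
        return False, "rate limit exceeded"
    _buckets[acct["account"]] = (start, count + 1)
    needed = ROUTE_PERMISSION.get((method, route))
    if needed is None or needed not in ROLE_PERMISSIONS[acct["role"]]:
        return False, "role lacks permission for this route"
    return True, "ok"
```

Denials happen in the order the middleware would evaluate them (credentials, key, IP, rate, permission), so the reason string tells an operator which control fired.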

Note

Because of the different use-cases and the different ways of operating on the targeted resources, we suggest that the authentication service be built, developed and managed by the Data Team.