Access control

Access to a subscription and its resources is managed using a role-based access control system. The system has three main components (role, subject and scope) that, combined, form a role assignment, which is what effectively controls access.

Role components

Role

A role, or role definition, is a collection of permissions. It defines which actions can or cannot be performed.

The UsesData platform includes many different roles for configuring permissions.

Subject

The subject, or security principal, is a user or an automated client or other object that is accessing the system.

Scope

The scope is the subscription or resource that is being accessed.

Role assignment

A role assignment is formed when a role is assigned to a subject for a scope. Role assignments are used to perform access control in the UsesData platform.

| Role | Subject | Scope |
| --- | --- | --- |
| Owner | Lisa (User) | Car Manufacturer (Subscription) |
| Reader | Jack (User) | Berlin Factory (Resource group) |
| Data Writer | Stamping Press (Device) | Stamping Press Data Collection (Resource) |

In the example above, the user Lisa is assigned the Owner role for the Car Manufacturer subscription. With this role assignment Lisa will be able to manage all aspects of the Car Manufacturer subscription, including but not limited to its users, resources, access control and billing.

The user Jack, on the other hand, is assigned the Reader role for the Berlin Factory resource group. With this role assignment Jack will be able to view resources in the Berlin Factory resource group but will be unable to create new resources or manage access for other users, among other things.

Lastly, there is the Stamping Press device, which has been assigned the Data Writer role for the Stamping Press Data Collection resource. The Stamping Press device will have permission to write data to the Stamping Press Data Collection resource.
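The three assignments above can be modelled as a deny-by-default access check. This is an added sketch, not UsesData platform code. The action names, the contents of each role, and the placement of Stamping Press Data Collection inside Berlin Factory are assumptions made for illustration.

```python
from dataclasses import dataclass

# Role definitions: role -> permitted actions (hypothetical action names).
ROLES = {
    "Owner": {"read", "write_data", "create_resource", "manage_access", "manage_billing"},
    "Reader": {"read"},
    "Data Writer": {"write_data"},
}

# Scope hierarchy: child -> parent (assumed containment, not stated on the page).
PARENT = {
    "Berlin Factory": "Car Manufacturer",
    "Stamping Press Data Collection": "Berlin Factory",
}

@dataclass(frozen=True)
class RoleAssignment:
    role: str
    subject: str
    scope: str

# The three role assignments from the table above.
ASSIGNMENTS = [
    RoleAssignment("Owner", "Lisa", "Car Manufacturer"),
    RoleAssignment("Reader", "Jack", "Berlin Factory"),
    RoleAssignment("Data Writer", "Stamping Press", "Stamping Press Data Collection"),
]

def scope_chain(scope):
    """Return the scope followed by its ancestors, closest first."""
    chain = []
    while scope is not None:
        chain.append(scope)
        scope = PARENT.get(scope)
    return chain

def is_allowed(subject, action, scope, assignments=ASSIGNMENTS):
    """Allow only if an assignment at this scope or an ancestor grants the action."""
    covering = set(scope_chain(scope))
    return any(
        a.subject == subject
        and a.scope in covering
        and action in ROLES.get(a.role, set())  # unknown role grants nothing
        for a in assignments
    )

if __name__ == "__main__":
    for who, what, where in [
        ("Lisa", "manage_access", "Stamping Press Data Collection"),
        ("Jack", "read", "Stamping Press Data Collection"),
        ("Jack", "read", "Car Manufacturer"),
        ("Stamping Press", "write_data", "Berlin Factory"),
    ]:
        print(f"{who:15} {what:14} {where:32} -> {is_allowed(who, what, where)}")
```

An assignment covers its own scope and everything beneath it, never the parent: Jack cannot read at the subscription level, and the device cannot write outside its one resource.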
