ACLs and policies
Status
- Proposed
- Trialing
- Under review
- Approved
- Retired
Context & Scope
R2 already has an entitlements service and ACLs on storage records that are used to control access to data. We need to define how ACLs and policies relate to each other in R3 and beyond.
Decision
Evaluate the feasibility of making the current ACL enforcement a policy:
- Define a policy that requires a user group to be in the acl.viewers list of the record for a user to be able to view the record in storage and find it in search
- Define a policy that requires a user group to be in the acl.owners list of the record for a user to be able to view/modify the record in storage and find it in search
- Evaluate the performance of using a policy vs the R2 implementation
If feasible:
- Replace the R2 implementation with the policy
- Make the ACL policy part of the default OSDU setup
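The two rules above, written as one generic default-deny policy function. This is an added example, not OSDU code; the record layout, group names, action names and the `GRANTS` mapping are assumptions made for illustration.

```python
"""Added example: ACL enforcement written as a generic, default-deny policy."""

# Assumption: which ACL list grants which action, taken from the two rules above.
GRANTS = {
    "viewers": {"view", "search"},
    "owners": {"view", "modify", "search"},
}


def acl_members(record, acl_list):
    """Return the groups in record.acl.<acl_list>, or an empty set if malformed."""
    acl = record.get("acl")
    if not isinstance(acl, dict):
        return set()  # record loaded without an ACL: nothing is granted
    members = acl.get(acl_list)
    if not isinstance(members, list):
        return set()  # a bare string must not be matched character by character
    return {m for m in members if isinstance(m, str)}


def is_allowed(user_groups, record, action):
    """Allow only if one of the user's groups is in an ACL list granting the action."""
    groups = set(user_groups)
    return any(
        action in actions and groups & acl_members(record, acl_list)
        for acl_list, actions in GRANTS.items()
    )


def visible_in_search(user_groups, records):
    """Apply the same policy to search results so search and storage cannot drift."""
    return [r["id"] for r in records if is_allowed(user_groups, r, "search")]


# Constructed sample records (not real data).
RECORDS = [
    {"id": "rec-1", "acl": {"viewers": ["viewers@example.com"],
                            "owners": ["owners@example.com"]}},
    {"id": "rec-2", "acl": {"viewers": [], "owners": ["owners@example.com"]}},
    {"id": "rec-3"},                                      # loaded without an ACL
    {"id": "rec-4", "acl": {"viewers": "viewers@example.com"}},  # malformed list
]

if __name__ == "__main__":
    for groups in (["viewers@example.com"], ["owners@example.com"], []):
        print(groups, "->", visible_in_search(groups, RECORDS))
```

Records with a missing or malformed ACL are visible to nobody under this function, which is the case the data-loading consequence below has to account for.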
Rationale
Depending on the CSP and the service in question (e.g., search vs storage), the current implementation already treats ACL enforcement as a policy. It is just that the policy is not written in a generic way.
Consequences
- Simplification of the overall system
- ACL enforcement becomes configurable by the owner of the OSDU instance
- Potential drop in performance
- Implications for the data definitions and data loading teams, all of which currently work on the understanding that ACLs must be present upon load.
When to revisit
Once the feasibility has been evaluated.
Decision criteria and trade-offs
- Performance
- Simplicity
- Customizability
Decision timeline
July 2020