Server Side Authorization
● Data Access and Modification
● Operational Authorization
● Policy based Authorization
Data Access and Modification
● User who owns the data
● User who is eligible to access or modify the data
E.g. Whether the logged in user is authorized to access/modify the requested data
Operational Authorization
● Operations are only allowed to be performed by users having the specified roles and permissions
E.g. Only an admin can view or update the company account email
E.g. A user who has been allotted the permission by an admin can view or update the company account email
Policy based Authorization
● Operations are only allowed to be performed by users who satisfy the policy (a set of business rules for authorizing access and operations)
E.g. Once a user has spent all the available credit, he is not allowed to spend any more
E.g. A user can download a maximum of 2 movies in a day
[Diagram] Actors: Admin, User 1 (Free subscription), User 2 (Premium subscription). Data: Shared Data, User 1 Data, User 2 Data. Operations: View Video details, Upload video, Delete Video. Policy limits: Free - max 5 videos, Premium - max 100 videos.
[Diagram] The same scenario with the three kinds of authorization marked: Data Access/Modification Authorization (Shared Data, User 1 Data, User 2 Data), Operational Authorization (View Video details, Upload video, Delete Video) and Policy based Authorization (the per-subscription video limits) for Admin, User 1 (Free subscription) and User 2 (Premium subscription).
Operational Authorization
[Diagram] Admin, User 1 (Free subscription) and User 2 (Premium subscription) requesting View Video details, Upload video and Delete Video.
● Define service codes
● Define user roles
1. Service codes
a. VIDEO_VIEW
b. VIDEO_UPLOAD
c. VIDEO_DELETE
2. Roles
a. ADMIN
b. FREE_SUBSCRIBER
c. PREMIUM_SUBSCRIBER
Operation execution is intercepted and the interceptor checks whether the logged in user's role has permission to execute the requested service code.
Policy based Authorization
[Diagram] Admin, User 1 (Free subscription) and User 2 (Premium subscription) requesting the operations View Video details, Upload video and Delete Video.
● Configure the policy with business rules
The policy module checks whether the current user's data (as held on the server) qualifies under the policy rules.
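The two checks described on the last two slides, operational authorization by role and service code followed by policy based authorization against server-side data, as an added example that is not code from the original deck. The service codes, roles and the Free/Premium video limits come from the slides; ACCOUNT_EMAIL_UPDATE (taken from the "company account email" example), the in-memory video counts, the absence of a limit for ADMIN and all class and function names are assumptions.

```python
"""Added example (not from the original slides): an interceptor that applies
operational authorization (role -> service codes) and then policy based
authorization (subscription video limit) before an operation runs.
ACCOUNT_EMAIL_UPDATE, the in-memory counts and all names are assumptions."""
from dataclasses import dataclass
from functools import wraps

# Service codes from the slides, plus one assumed code for the slide-3 example.
VIDEO_VIEW = "VIDEO_VIEW"
VIDEO_UPLOAD = "VIDEO_UPLOAD"
VIDEO_DELETE = "VIDEO_DELETE"
ACCOUNT_EMAIL_UPDATE = "ACCOUNT_EMAIL_UPDATE"  # assumed, not on the slides

# Role -> permitted service codes. Unknown roles or codes are denied (fail closed).
ROLE_PERMISSIONS = {
    "ADMIN": {VIDEO_VIEW, VIDEO_UPLOAD, VIDEO_DELETE, ACCOUNT_EMAIL_UPDATE},
    "FREE_SUBSCRIBER": {VIDEO_VIEW, VIDEO_UPLOAD, VIDEO_DELETE},
    "PREMIUM_SUBSCRIBER": {VIDEO_VIEW, VIDEO_UPLOAD, VIDEO_DELETE},
}

# Policy rule from the slides: Free max 5 videos, Premium max 100. No limit for
# ADMIN is an assumption.
VIDEO_LIMITS = {"FREE_SUBSCRIBER": 5, "PREMIUM_SUBSCRIBER": 100}

# Server-side count of videos per user (constructed sample data). In a real
# system this is a query against the video table, never a client-supplied number.
VIDEO_COUNT = {1: 5, 2: 40}


class AuthorizationError(PermissionError):
    """Raised by either check; the web layer maps it to HTTP 403."""


@dataclass(frozen=True)
class User:
    user_id: int
    role: str


def check_operation(user: User, service_code: str) -> None:
    """Operational authorization: is the role allowed to run this service code?"""
    if service_code not in ROLE_PERMISSIONS.get(user.role, frozenset()):
        raise AuthorizationError(f"role {user.role} may not execute {service_code}")


def check_policy(user: User, service_code: str) -> None:
    """Policy based authorization: does the user's server-side data pass the rules?"""
    if service_code != VIDEO_UPLOAD:
        return
    limit = VIDEO_LIMITS.get(user.role)
    if limit is not None and VIDEO_COUNT.get(user.user_id, 0) >= limit:
        raise AuthorizationError(
            f"user {user.user_id} has reached the {user.role} limit of {limit} videos")


def requires(service_code: str):
    """Interceptor: run both checks before the wrapped operation executes."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user: User, *args, **kwargs):
            check_operation(user, service_code)
            check_policy(user, service_code)
            return fn(user, *args, **kwargs)
        return wrapper
    return decorator


@requires(VIDEO_UPLOAD)
def upload_video(user: User, title: str) -> str:
    VIDEO_COUNT[user.user_id] = VIDEO_COUNT.get(user.user_id, 0) + 1
    return f"stored '{title}' for user {user.user_id}"


@requires(ACCOUNT_EMAIL_UPDATE)
def update_company_email(user: User, email: str) -> str:
    return f"company email set to {email}"


def attempt(fn, user: User, *args):
    """Return (allowed, message) so the decision can be inspected by a caller."""
    try:
        return True, fn(user, *args)
    except AuthorizationError as exc:
        return False, str(exc)


if __name__ == "__main__":
    for u in (User(0, "ADMIN"), User(1, "FREE_SUBSCRIBER"),
              User(2, "PREMIUM_SUBSCRIBER"), User(7, "GUEST")):
        print(u.role, attempt(upload_video, u, "clip"))
        print(u.role, attempt(update_company_email, u, "ops@example.com"))
```

The role check is deliberately deny-by-default: a role that is missing from ROLE_PERMISSIONS (such as the GUEST user above) gets nothing, so adding a new role never grants access by accident. The policy check reads the video count from server-side state, which is what makes the Free/Premium limit enforceable; a count echoed back by the client would be trivially forged.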
Data Access and Modification
[Diagram] Shared Data, User 1 Data, User 2 Data.
● Logged in user
● Data contains information about its owner
Video
● Id
● Uploaded by
● date
Video thumbnail
● Id
● Video id
Operation 1: User 1 deletes a video
Parameters: video id, owner id
Operation 2: User 1 deletes a video thumbnail
Parameters: thumbnail id, video id, owner id
Here in operation 2, the video id is required to check whether the thumbnail is owned by the user: the thumbnail only records its video id, and the owner is recorded on the video. The owner id is the logged in user's id taken from the session, not a value supplied by the client.
Data Access and Modification
[Diagram] Shared Data, User 1 Data, User 2 Data; Video (Id, Uploaded by, date) with Video thumbnail beneath it and further child rows labelled Level 2 and Level 3.
Operation: delete a child at Level 3
Problem:
How to check ownership at Level 3 efficiently.
It is not recommended to fetch all levels into the application and traverse them to check video ownership.
Solution:
Use SQL joins to filter the 3rd level down to rows whose root video is owned by the logged in user, so the delete affects zero rows for anyone else. The slide's query ends at "Where L3.Id and V."; the join keys and the two parameters below are assumed, written in MySQL multi-table DELETE form:
DELETE L3
FROM Level3 L3
INNER JOIN Level2 L2 ON L2.Id = L3.Level2Id
INNER JOIN VideoThumbnail VT ON VT.Id = L2.VideoThumbnailId
INNER JOIN Video V ON V.Id = VT.VideoId
WHERE L3.Id = :level3Id
AND V.UploadedBy = :currentUserId -- from the session, never from the request
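The join-based ownership check from the last two slides (a thumbnail owned through its video, and a deeper child owned through the same chain), as an added example that is not code from the original deck. It models three levels, video, video_thumbnail and an assumed third table thumbnail_variant (the slides only say "Level 3"), with constructed sample rows, and runs against SQLite. SQLite has no DELETE ... JOIN, so the join chain is expressed as a correlated EXISTS subquery; the column names and the function names are assumptions.

```python
"""Added example (not from the original slides): deleting a level-3 row only
when the logged-in user owns the root video, with the ownership check done by
joins inside the DELETE instead of by loading the hierarchy into the
application. Table thumbnail_variant, column names and sample rows are
assumptions/constructed data."""
import sqlite3

SCHEMA = """
CREATE TABLE video (
    id INTEGER PRIMARY KEY, uploaded_by INTEGER NOT NULL, date TEXT);
CREATE TABLE video_thumbnail (
    id INTEGER PRIMARY KEY, video_id INTEGER NOT NULL REFERENCES video(id));
CREATE TABLE thumbnail_variant (
    id INTEGER PRIMARY KEY,
    thumbnail_id INTEGER NOT NULL REFERENCES video_thumbnail(id),
    size TEXT);
"""

# Constructed sample data: video 10 belongs to User 1, video 20 to User 2.
VIDEOS = [(10, 1, "2024-01-01"), (20, 2, "2024-01-02")]
THUMBNAILS = [(100, 10), (200, 20)]
VARIANTS = [(1000, 100, "small"), (1001, 100, "large"), (2000, 200, "small")]

# Level 3 -> Level 2 -> Level 1 (video). The row is deleted only if the
# chain ends at a video uploaded by the current user; otherwise 0 rows match.
DELETE_LEVEL3 = """
DELETE FROM thumbnail_variant
WHERE id = :variant_id
  AND EXISTS (
      SELECT 1
      FROM video_thumbnail vt
      JOIN video v ON v.id = vt.video_id
      WHERE vt.id = thumbnail_variant.thumbnail_id
        AND v.uploaded_by = :current_user_id)
"""


def open_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO video VALUES (?, ?, ?)", VIDEOS)
    conn.executemany("INSERT INTO video_thumbnail VALUES (?, ?)", THUMBNAILS)
    conn.executemany("INSERT INTO thumbnail_variant VALUES (?, ?, ?)", VARIANTS)
    conn.commit()
    return conn


def delete_variant(conn: sqlite3.Connection, current_user_id: int, variant_id: int) -> int:
    """Delete a level-3 row the current user owns. current_user_id must come
    from the session, never from the request body. Returns rows deleted:
    0 means the row does not exist or is not owned by this user."""
    cur = conn.execute(DELETE_LEVEL3,
                       {"variant_id": variant_id, "current_user_id": current_user_id})
    conn.commit()
    return cur.rowcount


def variant_exists(conn: sqlite3.Connection, variant_id: int) -> bool:
    row = conn.execute("SELECT 1 FROM thumbnail_variant WHERE id = ?",
                       (variant_id,)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = open_sample_db()
    print("User 2 deletes User 1's variant 1000:", delete_variant(db, 2, 1000), "row(s)")
    print("User 1 deletes own variant 1000:", delete_variant(db, 1, 1000), "row(s)")
```

Because the owner filter is part of the DELETE itself, an attacker who guesses another user's variant id gets a 0-row result rather than a deleted row, and the application never has to load the thumbnail and video to compare owners. The same shape (a single statement filtered through the ownership chain) works for the two-level thumbnail case on the previous slide by dropping one join.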
Thank You
Nitul Kukadia
nitulkukadia@gmail.com
