Notes regarding Hydrolix Authentication and Authorization data model

Users & Tokens

  • Users are authenticated via an email address and password.
  • Tokens are authenticated via a (revocable) OAuth token id.
  • In the future we will support MFA and SAML-based authentication as well.

Permissions

Permissions are granular privileges applied to an individual user or token, granting them the ability to take specific actions on a specific set of resources.

Roles

Roles represent a set of permissions. For example:

  1. admin - can access the config api and change any setting
  2. operator - can access the config api, but can only view current settings
  3. publisher - can access the ingest api to publish data
  4. reader - can access the query api to query data

Initially we only support these 4, but we plan to add support for custom roles in the future.

Scopes

Scopes come in three flavors:

  1. All projects: *.*
  2. One specific project: {project}.*
  3. One specific table: {project}.{table}
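An added example (not Hydrolix's own code) of how an authorization check over this model can be evaluated: each user or token holds grants pairing one of the four built-in roles with a scope in one of the three flavors above, and a request is allowed only if some grant's role carries the needed permission and its scope covers the target table. The role-to-permission encoding, the `Grant`/`Principal` types and the `revoked` flag are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed encoding of the four built-in roles as (api, action) permissions,
# following the role descriptions in the notes.
ROLE_PERMISSIONS = {
    "admin": {("config", "read"), ("config", "write")},
    "operator": {("config", "read")},
    "publisher": {("ingest", "write")},
    "reader": {("query", "read")},
}


@dataclass(frozen=True)
class Grant:
    role: str
    scope: str  # "*.*", "{project}.*" or "{project}.{table}"


@dataclass
class Principal:
    name: str
    grants: list = field(default_factory=list)
    revoked: bool = False  # models a revocable token


def scope_matches(scope, project, table):
    """True if a scope in one of the three supported flavors covers the table.

    Anything outside those three forms (e.g. "*.orders" or a bare name) is
    rejected rather than guessed at, so a malformed scope never grants access.
    """
    if scope.count(".") != 1:
        return False
    s_project, s_table = scope.split(".")
    if s_project == "*":
        return s_table == "*"                     # all projects
    if s_project != project:
        return False
    return s_table == "*" or s_table == table     # one project / one table


def is_allowed(principal, api, action, project, table):
    """Deny by default; allow only via a live grant with matching role and scope."""
    if principal.revoked:
        return False
    for g in principal.grants:
        if (api, action) in ROLE_PERMISSIONS.get(g.role, set()) \
                and scope_matches(g.scope, project, table):
            return True
    return False
```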