Role Based Access Control

Asset Reality's access control systems are configured to assign privileges to individuals based on job classification and function.

  1. Role-Based Access in the Backend

    The backend implements a flexible Role-Based Access Control (RBAC) system. Each user gains access by being assigned to one or more groups. Groups are associated with roles, and roles define specific permissions through attached policies. This structure ensures permissions are centrally managed and consistently applied within an organisation.

  2. RBAC Model Components

    The access control system uses the following components:

    • Users: Authenticated identities
    • Organisations: Allows for scoped grouping of permissions
    • Groups: Collections of users (group.go)
    • Workspaces: Much like groups, used to connect collections of users to roles
    • Roles: Contain one or more policies (roles.go)
    • Policies: Action-specific permissions

  3. Enforcement via Middleware

    Each protected route is wrapped in a centralised middleware that checks for required policies. For example, a route to create a user may require the TEAM_CREATE_USER policy. If the user does not have this policy, access is denied.

  4. Auditing and Traceability

    All access attempts to protected routes are logged using an audit middleware. These logs include the user ID, route, action attempted, and result. This ensures traceability and supports internal compliance audits.
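    The user → group → role → policy chain from section 2, the policy-checking middleware from section 3 and the audit middleware from section 4, shown together as an added Go example. This is not Asset Reality's own code (group.go and roles.go are not reproduced); the type names, the TeamCreateUser constant, RequirePolicy, Audit, the in-memory AuditLog and the sample users are assumptions, and organisations and workspaces are left out for brevity.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Policy is an action-specific permission such as TEAM_CREATE_USER (assumed name).
type Policy string

const TeamCreateUser Policy = "TEAM_CREATE_USER"

// Role contains one or more policies; Group associates users with roles;
// User is an authenticated identity whose access flows from its groups.
type Role struct {
	Name     string
	Policies []Policy
}
type Group struct {
	Name  string
	Roles []*Role
}
type User struct {
	ID     string
	Groups []*Group
}

// HasPolicy walks user -> groups -> roles -> policies. Anything not found denies.
func (u *User) HasPolicy(p Policy) bool {
	for _, g := range u.Groups {
		for _, r := range g.Roles {
			for _, have := range r.Policies {
				if have == p {
					return true
				}
			}
		}
	}
	return false
}

type ctxKey struct{}

// WithUser attaches an authenticated user to the request, as an upstream
// authentication step would after validating credentials.
func WithUser(r *http.Request, u *User) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), ctxKey{}, u))
}

// RequirePolicy is the centralised enforcement middleware: the wrapped handler
// runs only when the request carries a user holding the required policy.
// A missing user and a missing policy both fail closed with 403.
func RequirePolicy(required Policy, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, ok := r.Context().Value(ctxKey{}).(*User)
		if !ok || u == nil || !u.HasPolicy(required) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// AuditEntry records one attempt: user ID, route, action attempted and result.
type AuditEntry struct{ UserID, Route, Action, Result string }

// AuditLog is an in-memory sink for illustration; production would append to a durable store.
type AuditLog struct{ Entries []AuditEntry }

// statusRecorder captures the status written downstream so the audit layer sees the outcome.
type statusRecorder struct {
	http.ResponseWriter
	status int
}

func (s *statusRecorder) WriteHeader(code int) { s.status = code; s.ResponseWriter.WriteHeader(code) }

// Audit wraps a protected route and logs every attempt, allowed or denied.
func Audit(alog *AuditLog, action string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		rec := &statusRecorder{ResponseWriter: w, status: http.StatusOK}
		next.ServeHTTP(rec, r)
		userID, result := "anonymous", "allowed"
		if u, ok := r.Context().Value(ctxKey{}).(*User); ok && u != nil {
			userID = u.ID
		}
		if rec.status == http.StatusForbidden {
			result = "denied"
		}
		alog.Entries = append(alog.Entries, AuditEntry{userID, r.URL.Path, action, result})
	})
}

// NewCreateUserRoute builds the protected route: audit outermost, policy check
// inside it, the create-user handler innermost.
func NewCreateUserRoute(alog *AuditLog) http.Handler {
	create := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusCreated) })
	return Audit(alog, string(TeamCreateUser), RequirePolicy(TeamCreateUser, create))
}

// Attempt sends one request through the chain as u (nil = unauthenticated) and returns the status.
func Attempt(h http.Handler, u *User, method, path string) int {
	req := httptest.NewRequest(method, path, nil)
	if u != nil {
		req = WithUser(req, u)
	}
	rr := httptest.NewRecorder()
	h.ServeHTTP(rr, req)
	return rr.Code
}

func main() {
	// Constructed sample data: an admin role carrying the policy and a viewer role without it.
	admin := &Role{Name: "team-admin", Policies: []Policy{TeamCreateUser}}
	alice := &User{ID: "u-alice", Groups: []*Group{{Name: "ops", Roles: []*Role{admin}}}}
	bob := &User{ID: "u-bob", Groups: []*Group{{Name: "support", Roles: []*Role{{Name: "viewer"}}}}}
	alog := &AuditLog{}
	route := NewCreateUserRoute(alog)
	fmt.Println("alice:", Attempt(route, alice, http.MethodPost, "/users"))
	fmt.Println("bob:", Attempt(route, bob, http.MethodPost, "/users"))
	fmt.Println("anon:", Attempt(route, nil, http.MethodPost, "/users"))
	for _, e := range alog.Entries {
		fmt.Printf("%+v\n", e)
	}
}
```

    Ordering matters for traceability: the audit layer sits outside the policy check so that denied attempts are recorded as well as allowed ones, and the recorder wrapper is what lets it observe the result without the enforcement layer knowing the log exists.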