User right management
Authentication and authorization
User authentication
Every user can log in with his e-mail address and a corresponding password. The password is stored as a hash value.
The user password must meet the following criteria for security reasons:
- Password length between 8 and 18 characters.
- At least one capital letter.
- At least one lowercase letter.
- At least one number.
- At least one special character.
Only the user can reset their own password. After a failed login attempt, the user can request a password reset. A link to the password reset page in the web GUI is then sent to the user by e-mail.
To prevent brute-force attacks, the GUI delays the next login attempt by 5 seconds after each failed login.
The backend login service is limited to 10 calls per minute per IP address, and the response time of the login is artificially increased.
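The password criteria and the per-IP limit of 10 login calls per minute described above, as an added example that is not Versio.io code. The function and class names, the sliding-window approach, and the reading of "special character" as any non-alphanumeric character are assumptions.

```python
import re
import time
from collections import defaultdict, deque

# Policy values come from the page; all names below are hypothetical.
MIN_LEN, MAX_LEN = 8, 18
MAX_CALLS, WINDOW_SECONDS = 10, 60.0

_RULES = [
    (re.compile(r"[A-Z]"), "at least one capital letter"),
    (re.compile(r"[a-z]"), "at least one lowercase letter"),
    (re.compile(r"[0-9]"), "at least one number"),
    # Assumption: "special" means anything that is not an ASCII letter or digit.
    (re.compile(r"[^A-Za-z0-9]"), "at least one special character"),
]

def password_violations(password):
    """Return the unmet criteria; an empty list means the password is accepted."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length between {MIN_LEN} and {MAX_LEN} characters")
    problems += [msg for rx, msg in _RULES if not rx.search(password)]
    return problems

class LoginRateLimiter:
    """Sliding window: at most max_calls login calls per window per IP address."""

    def __init__(self, max_calls=MAX_CALLS, window=WINDOW_SECONDS, clock=time.monotonic):
        self.max_calls, self.window, self.clock = max_calls, window, clock
        self._calls = defaultdict(deque)  # IP -> timestamps of accepted calls

    def allow(self, ip):
        now = self.clock()
        calls = self._calls[ip]
        while calls and now - calls[0] >= self.window:
            calls.popleft()  # forget calls that have left the window
        if len(calls) >= self.max_calls:
            return False  # over the limit: reject before any password check
        calls.append(now)  # every accepted call counts, successful login or not
        return True
```

Calling `allow()` before the password hash is verified keeps rejected requests cheap; a long-running service would also need to evict idle IP entries from `_calls`.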
User authorization
The following figure illustrates the structure of authorization management. Currently, roles can be assigned to users. In the future, it is planned to enable the creation of custom roles and the assignment of groups.
@startuml
skinparam monochrome true
skinparam defaultTextAlignment center
rectangle User
rectangle UserGroup
rectangle Workspace
rectangle Role
' rectangle Group
' rectangle Right
User "*" - "+" UserGroup
UserGroup "+" - "+" Workspace
UserGroup "*" - "+" Role
' Role "*" - "+" Group
' Group "*" - "+" Right
@enduml
Figure: Versio.io authorization right management
The following table describes the roles and group assignment in detail:
Roles | Scope | Description | Right-Groups |
---|---|---|---|
Server administrator | Server | Configure Versio.io server instance settings and create or deactivate environments. | Administrator |
Environment administrator | Environment | Configure Versio.io environment settings and user access. | Environment Admin, Environment Viewer, User admin, User viewer, API token admin, API token viewer |
User GUI access | Environment | Get GUI access for the specific environment. | Environment Viewer, User and password settings |
User API token management | Environment | Define and manage user specific API tokens for the specific environment. | User API token management |
CMDB viewer | Environment | Navigate, search and visualize configuration items and assets. | CAMDB reader |
CMDB writer | Environment | Save or update configuration items and assets via API. Depends on User API token management. | CAMDB writer |
CMDB configurator | Environment | Configure the settings for configuration items and assets (entity, entity groups, importer). | CAMDB configuration |
CA viewer | Environment | View and analyse the cost allocation. | CA reader |
CA configurator | Environment | Create and configure price models for cost allocations. | CA writer --> define price models |
GC viewer | Environment | View and analyse the violations and notifications based on governance & compliance rules. | GC reader |
GC executor | Environment | Execute a verification process for a ruleset. | |
GC configurator | Environment | Create and configure rulesets for governance & compliance verification. | |
Table: Versio.io roles and groups