Role Based Access Control

Role Assignment

A role assignment has three components :

  1. Role to be assigned
  2. Profile the role is assigned to
  3. Scope of the assignment

A profile can have multiple role assignments, with different scopes for the same role as well to allow for access to multiple resource-instances of the same resource-kind.

Resource object has two components : resource-kind (which is the kind of the resource, eg : chat-room), and resource-key (unique "id" of the resource). This is useful is defining the scope of the role. A resource-instance is an instance of a particular resource-kind. It is a resource object with a unique id.

See Scopes for more info : examples

πŸ“˜

Role Assignment API : Create Role Assignments

Role

A role is a collection of permissions that can be assigned to a profile. Roles determine the level of access a profile has within the LiveLike application. Roles have to be explicitly assigned to a profile.

πŸ“˜

Role Creation API : Create a Role

Permissions

Permissions represent specific actions that profiles can execute within the LiveLike application. These actions are predefined and managed by LiveLike. Permissions only indicate what a profile can do, without specifying restrictions.

Below is a sample list of permissions provided by LiveLike, formatted by permission key and its description:

delete-comment : Delete comment from a comment board	
delete-comment-board-ban : Delete comment board ban	
dismiss-reported-comment : Dismiss Reported Comment
view-comment-board-bans	: View Comment Board Bans	
view-reported-comments : View Reported Comments	
create-comment-board-ban	: Create comment board ban
create-alert : Create Alert
create-cheer-meter : Create Cheer Meter
create-emoji-poll : Create Emoji Poll
create-emoji-slider : Create Emoji Slider
create-image-number-prediction : Create Image Number Prediction
publish-text-ask : Publish Text Ask	
publish-text-poll : Publish Text Poll	
publish-text-prediction : Publish Text Prediction	
publish-text-prediction-follow-up : Publish Text Prediction Follow Up	
publish-text-quiz : Publish Text Quiz	
publish-twitter-spotlight : Publish Twitter Spotlight	
publish-video-alert	: Publish Video Alert	

πŸ“˜

This API can be used to fetch the list of all permissions supported by livelike : List Permissions

Resource

Resources define distinct components or functionalities within the LiveLike application, which RBAC is applicable to. These components are predefined and are managed by LiveLike.

Below is a sample list of applicable resource-kinds provided by LiveLike:

  chat-room
  profile
  comment-board
  twitter-spotlight
  social-embed
  rich-post
  program

πŸ“˜

This API can be used to fetch all applicable resource-kinds : Get List of Resources

Scope

Scope refers to the application-specific range of a resource category and a resource instance. It helps integrators precisely define the context in which a permission is applicable.
It can be represented by a pair of resource-kind (type of resource), and resource-key (unique identifier of the resource, or "*" for all resources of that kind)

Example Scopes :

  1. kind = program, key = program_a -> denotes a program with a particular id
  2. kind = chat-room, key = "*" -> denotes all chatrooms
  3. kind = comment-board, key = board_a ; kind = comment-board, key = board_b -> denotes comment boards of id = a and b

Role Template

Role templates are predefined sets of permissions designed for common use-cases. These templates are integrated into the system and are managed by LiveLike. However clients can use them to create a role with permissions associated with the role template.
Here is an sample list of role templates and their respective permissions as provided by LiveLike:

create-alert
create-cheer-meter
create-emoji-poll
create-emoji-slider
create-image-number-prediction
create-image-number-prediction-follow-up
create-image-poll
create-image-prediction
create-image-prediction-follow-up
create-image-quiz
create-rich-post
create-social-embed
create-text-ask
create-text-poll
create-text-prediction
create-text-prediction-follow-up
create-text-quiz
create-twitter-spotlight
create-video-alert
publish-alert
publish-cheer-meter
publish-emoji-poll
publish-emoji-slider
publish-image-number-prediction
publish-image-number-prediction-follow-up
publish-image-poll
publish-image-prediction
publish-image-prediction-follow-up
publish-image-quiz
publish-rich-post
publish-social-embed
publish-text-ask
publish-text-poll
publish-text-prediction
publish-text-prediction-follow-up
publish-text-quiz
publish-twitter-spotlight
publish-video-alert
create-comment-board-ban  
view-comment-board-bans
delete-comment
delete-comment-board-ban

πŸ“˜

This API can be used to get a list of all role templates offered by Livelike : Get Role Templates

Role Assignment Examples:

  1. Widget Creator role when assigned to a user A with scope of {kind, key = program, program_a}, would allow the user to create widgets in program_an only.
  2. Widget Creator role when assigned to a user B with scope of {kind, key = program, "*"}, would allow the user to create widgets in all programs.
  3. Another widget creator role assigned to user A with scope of {kind, key = program, program_b} would allow the user to create widgets in program_b along with program_a as well.