1.3 Persona
Users of SSCVIP are separated into roles, and each role owns a set of permissions on the system's operations.
It is recommended to place the role and its permissions into the JWT claims, so that a component can authorize a request from the token alone. A permission is a dotted name; a trailing `*` is a wildcard that covers every action under that prefix (`project.*` covers `project.create`, `project.delete`, and so on). The `exp` claim must lie after `iat`; the payload below uses a one-hour lifetime.
Example payload in JWT:
```json
{
  "sub": "1234567890",
  "name": "John Doe",
  "role": "admin",
  "permissions": ["project.*", "task.*"],
  "iat": 1516239022,
  "exp": 1516242622
}
```
1.3.1 Admin
Administrator of SSCVIP; holds every permission listed in 1.3.4.
1.3.3 User
A User can resolve Tasks (`task.resolve`) and holds no other permission.
1.3.4 Permissions
1.3.4.1 Project Permissions
| Permission | Admin | User |
|---|---|---|
| project.create | ✓ | |
| project.modify | ✓ | |
| project.refresh | ✓ | |
| project.delete | ✓ | |
| asset.scan | ✓ | |
| asset.import | ✓ | |

Note that `asset.scan` and `asset.import` are not covered by the `project.*` wildcard. An Admin token that carries only `project.*` and `task.*`, as in the example payload in 1.3, would be denied asset operations; the payload needs an `asset.*` (or the two explicit) entries, or the verifier must map the role to this table instead of relying on the wildcard list alone.
1.3.4.2 Task Permissions
| Permission | Admin | User |
|---|---|---|
| task.create | ✓ | |
| task.create.second_tier | ✓ | |
| task.assign | ✓ | |
| task.resolve | ✓ | ✓ |
| task.delete | ✓ | |
1.3.5 User Authentication
- The SourceGuard API issues the JWT on top of the session cookie: the cookie session authenticates the user to the API, and the JWT carries the role and permissions to the other components.
- The SourceGuard API is also the JWT verifier, so other components delegate token validation to it and stay loosely coupled from it.