Developed system of differentiation of rights

An advanced system of access rights differentiation is implemented in Tengri.

Supported principles

Tengri supports the principles of DAC and RBAC.

DAC: Discretionary Access Control: each object has an owner who can grant access rights (privileges) to the object to other users.
RBAC: Role-based access control: access rights (privileges) are assigned to roles, which in turn are assigned to users.

Key concepts of a rights-based system

Rights-based system concepts schema

User

An identifier associated with a person or service. A user is an object that can be granted privileges.

Read more: Operations with users

Role

An entity to which access rights (privileges) can be granted. Roles can be assigned to users or to other roles. Assigning a role to another role creates a role hierarchy.

Read more: Operations with roles

Privilege

A specific level of access to an object. Assigned to users or roles. Privileges assigned to roles or users allow access to objects to be protected. Can be revoked from roles or users.

Several different privileges can be used simultaneously to control the granularity of the access granted.

Read more: Operations with privileges

Protected object

An entity to which access (privileges) can be granted. If access to this protected object is not allowed, it will be denied.