Skip to main content

How to build a Policy Management System

Introduction


Policies are a fine grained model of applying security restrictions on the various entities in the business application. 

Can I achieve fine grained access only with Policies?

The answer is NO. There are ways where we can model the same with the entity level permissions like feature. So what is so special about policies. Policies are typically a agreed upon JSON format that can be used to be built by the user and tie up with any entity or specific record in the entity.
Since this is a JSON, it is easy to define and contain wildcards, regex matches etc which kind of becomes difficult to manage in other formats.

Design

The below diagram illustrates how the policies can be created and enforced in an application.

As shown above, the Administrator is responsible to create the policies and bind them with the entities.

Enforcement of the policies are done as part of the entity service, which passes on the request for access to a policy manager. The policy manager talks to the database / policy store to get the policies applicable for the entity.

Once the policies are obtained, the policy manager tries to match the policies with the incoming request data and finds suitable matches

Once the policies are filtered, they are extracted and processed against the data. This is the evaluation process where in the policy enforcement gets evaluated against the entities.

The successful policy execution results in a grant to access the data, and on the denied case, an access denied message should be reported to the end user

Sample Policy

Below given is a sample AWS s3 object access policy which is created with operations / actions that are allowed. There can be operations / actions that can be disallowed or denied in a similar policy.
{
  "Id": "Policy1651233244327",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1651233242247",
      "Action": [
        "s3:GetBucketNotification",
        "s3:GetBucketVersioning",
        "s3:GetObject",
        "s3:GetObjectAttributes",
        "s3:GetObjectTorrent",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAttributes"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mybucket:artifacts",
      "Principal": {
        "AWS": [
          "saravanan"
        ]
      }
    }
  ]
}

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

User Authentication schemes in a Multi-Tenant SaaS Application

User Authentication in Multi-Tenant SaaS Apps Introduction We will cover few scenarios that we can follow to perform the user authentication in a Multi-Tenant SaaS application. Scenario 1 - Global Users Authentication with Tenancy and Tenant forwarding In this scheme, we have the SaaS Provider Authentication gateway that takes care of Authentication of the users by performing the following steps Tenant Identification User Authentication User Authorization Forwarding the user to the tenant application / tenant pages in the SaaS App This demands that the SaaS provider authentication gateway be a scalable microservice that can take care of the load across all tenants. The database partitioning (horizontal or other means) is left upto the SaaS provider Service. Scenario 2 - Global Tenant Identification and User Authentication forwarding   In the above scenario, the tenant identification happens on part of the SaaS provider Tenant Identification gateway. Post which, ...
Post a Comment
Read more

Handling exceptions in the Executor service threads in Java

Introduction This is a continuation post on the exception handling strategies in the threads in Java. For Introduction, please read this post The second post is available here This post addresses the problem statement "How to use the exception handlers in the threads spawned by the Executor Service in Java?" Not all times, we will be using Thread  classes to run our threads because we have to manage a lot of the underlying logic for managing threads. There is ExecutorService in Java which comes to the rescue for the above problem. In the previous posts, we have discussed on how to handle the exceptions in plain threads. However, when using executor service, we do not create / manage threads, so how do we handle exception in this case. We have a ThreadFactory   as an argument which can be used to customize the way threads are created for use within the ExecutorService . The below snippet of code leverages this feature to illustrate the exception handling, wherein we creat...
Post a Comment
Read more

SFTP and File Upload in SFTP using C# and Tamir. SShSharp

The right choice of SFTP Server for Windows OS Follow the following steps, 1. Download the server version from here . The application is here 2. Provide the Username, password and root path, i.e. the ftp destination. 3. The screen shot is given below for reference. 4. Now download the CoreFTP client from this link 5. The client settings will be as in this screen shot: 6. Now the code to upload files via SFTP will be as follows. //ip of the local machine and the username and password along with the file to be uploaded via SFTP. FileUploadUsingSftp("172.24.120.87", "ftpserveruser", "123456", @"D:\", @"Web.config"); private static void FileUploadUsingSftp(string FtpAddress, string FtpUserName, string FtpPassword, string FilePath, string FileName) { Sftp sftp = null; try { // Create instance for Sftp to upload given files using given credentials sf...
2 comments
Read more

Implementing Row Level Security [RLS] for a Multi-Tenant SaaS Application

Row Level Security The need for row level security stems from the demand for fine-grained security to the data. As the applications are generating vast amounts of data by the day. Application developers are in need of making sure that the data is accessible to the right audience based on the right access level settings. Even today, whenever an application was built, the application development team used to spend a lot of time researching the approach, implementing multiple tables multiple logics 25 queries to add filters to manage the data security for every query that gets transferred from the end user request to the application database. This approach requires a lot of thought process, testing and security review because the queries needs to be intercepted, updated and the data retrieval to be validated to make sure the end-users see only the data that they are entitled to. Implementation With the advent of of row level security feature being rolled out in main d...
Post a Comment
Read more

Using Spring Cloud Config Server for Multi-tenancy configuration

Let's walk through a basic example of how to set up and use Spring Cloud Config Server to manage configuration for multiple tenants in a Spring Boot Application. Step 1: Create a Spring Cloud Config Server Create a new Spring Boot project with the Spring Cloud Config Server dependency. <!-- pom.xml --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-config-server</artifactId> </dependency> Configure the Spring Cloud Config Server: // src/main/java/com/example/ConfigServerApplication.java import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.config.server.EnableConfigServer; @SpringBootApplication @EnableConfigServer public class ConfigServerApplication { public static void main(String[] args) { SpringApplication.run(ConfigServerApplication.class, args); } } Configure the appl...
Post a Comment
Read more