Access rights
User1582, 2021-03-15 17:43:02

How to differentiate access to information in a multi-user system?

Good afternoon!

I ran into a problem during the design process.
There is an access control system.
It contains entities:
- user (full name, phone number, email),
- access card (card number, validity period),
- organization,
- user position.

The user may not have positions or may have positions in one or more organizations.
A user can have multiple access cards.

For people who control the access control system (let's call them managers), there is a restriction of access to information regarding the organization, data for which they can see.
For example:
- the user user1 has a position in the organization org1,
- for accessing org1, he uses card1 (he also has card2 and card3, but they are not used in this organization), because card1 is tied to access in org1.

At the same time, the user base with their cards is loaded into the system at the very beginning, i.e. when managers start adding positions for their organizations, this is superimposed on existing users. When applying for a job and adding a position, I need to find the right person in the database by full name (and if there are several users with the same data, then I will see several of them).

When adding a user card to access control, I need to enter the card number and make sure it belongs to the correct user.

However, there are problems related to how to protect the user's personal data from being able to be viewed by any managers from different organizations by entering only the full name.
I.e. the data seems to be in a single large database, but at the same time fully accessible.

There was an idea of a certain higher position with full access rights to everything, who would open access to information on a particular user for hiring them in a particular organization. But this is not very convenient.
There are no more ideas on how to organize restricted access. There is an idea that in extreme cases you can simply not display the full user data (for example, only the last N letters and numbers of his email and password, which will be enough to uniquely identify whether we are hiring a person or his namesake).

I would be glad for any help, any hints and links in which direction to look, what to read.

PS I'm sorry if I didn't specify the tags quite correctly, I couldn't think of a better way to refer this question.

2 answer(s)
Sergey, 2021-03-16
@pasha_a

Let the manager himself get this person for the organization.
The system can match unique information such as TIN, and link a person to a common database.
Thus, the manager will not have a "choice" of personalities from the general list.
PS You can mark )

Ivan Shumov, 2021-03-15
@inoise

Either I'm having microscope syndrome, or Groundhog Day. Read about ABAC, Casbin or Open Policy Agent.
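
An added example, not part of either answer above: a minimal Python sketch that combines exact matching on a unique identifier (the TIN suggestion), the masked preview idea from the question, and an attribute check in the spirit of ABAC. All names (`match`, `preview_for_hiring`, `hire`, `view_user`) are hypothetical, the TIN values and records are constructed, and an in-memory list stands in for the database.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Card:
    number: str
    org: Optional[str] = None        # organization the card is tied to, if any

@dataclass
class User:
    full_name: str
    email: str
    tin: str                         # unique identifier supplied by the manager
    positions: dict = field(default_factory=dict)   # org -> position title
    cards: list = field(default_factory=list)

def mask(value, keep=4):
    """Hide everything except the last `keep` characters."""
    hidden = max(len(value) - keep, 0)
    return "*" * hidden + value[hidden:]

def match(db, full_name, tin):
    """Exact match on name AND unique id; namesakes are never listed."""
    hits = [u for u in db if u.full_name == full_name and u.tin == tin]
    return hits[0] if len(hits) == 1 else None

def preview_for_hiring(db, full_name, tin):
    """What a manager sees before hiring: a masked confirmation only."""
    user = match(db, full_name, tin)
    return None if user is None else {"full_name": user.full_name, "email": mask(user.email)}

def hire(db, manager_org, full_name, tin, position):
    """Link the matched person to the manager's organization."""
    user = match(db, full_name, tin)
    if user is None:
        return False
    user.positions[manager_org] = position
    return True

def view_user(manager_org, user):
    """Attribute check: full data only if the user holds a position in the manager's org."""
    if manager_org not in user.positions:
        return None                  # no relationship: the record is invisible
    return {"full_name": user.full_name, "email": user.email,
            "position": user.positions[manager_org],
            "cards": [c.number for c in user.cards if c.org == manager_org]}

def sample_db():
    """Constructed sample data: two namesakes with different unique ids."""
    u1 = User("Ivan Petrov", "ivan.petrov@example.com", "TIN-0001", {"org1": "engineer"},
              [Card("card1", "org1"), Card("card2"), Card("card3")])
    return [u1, User("Ivan Petrov", "i.petrov@example.org", "TIN-0002")]
```

In a real system the same checks belong in the query layer, so that rows outside the manager's organization are never fetched at all.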
