What resource access control model (with logging) is better to implement in an information system?

I

Ivan Melnikov2019-10-22 12:57:22

Database design

Ivan Melnikov, 2019-10-22 12:57:22

This question is of interest in the context of designing a database schema (MySQL 8) for a large distributed IS.
So, there are many different resources and types of permissions to these resources (read, write, change). There are a certain number of users in different positions, with some staff turnover. I would like to simply and quickly add new users and grant them the necessary rights to resources.
It is also necessary to keep logging in the database of all user actions and facts of access to resources (including ip-addresses from which access is made).
What is the best access control model to implement?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Ivan Shumov, 2019-10-22
@immelnikoff

What you are talking about are several different tasks. User and role access is a basic principle of RBAC. If there are several systems or it is distributed, then you should think about Identity Server.
Logging is a separate slice and is done as a collection of access logs from the web server. Then it can be put into the database and analyzed, for example, using the ELK stack.
If you still need to combine by users, then go ahead and implement your system with songs according to how you need to analyze the access log by headings and write it into the database with pens. There are no ready-made solutions here, or rather, there are, they cost money and are unlikely to change to someone's requirements.
Data on access to resources can be removed from a proxy or balancer as an option