authorization
Configuration authorization documentation.
Configfacets supports the creation of the following entities, along with their associated repositories and resources:
Entities
Entity | Description |
---|---|
Organization | An entity that represents a company, department, or group managing multiple teams and users within Configfacets. Organizations can exist at the top level or be created under another Organization as a Sub-Organization. |
Team | A subgroup within an organization or another team, consisting of multiple users collaborating on shared configurations, repositories, and resources. |
User | An individual account with assigned roles and permissions. Users can be part of an organization or team, but they can also manage their own repositories and resources independently for personal use. |
Entity Hierarchies
Entity | Can be created under | Can have sub-entities | Can have repositories |
---|---|---|---|
Organization | N/A (Top-level entity), Organization | Organizations (Sub-Organizations), Teams, Users (as members) | |
Team | N/A (Top-level entity), Organization, Team | Teams (Sub-Teams), Users (as members) | |
User | N/A (Standalone) | N/A | |
Additional Notes
- Users are independent but can be members of Organizations or Teams.
Authorization
By combining role-based permissions for users and teams with feature toggles at different levels of the hierarchy, you can establish a highly controlled and customizable workflow.
Roles & Permissions
Hierarchy / Role | Admin | Member |
---|---|---|
Organization (assigned or inherited roles) | View organization; Manage organization members; Edit organization settings; Delete organization; Create organization teams; Create organization repositories; Create sub-organizations | View organization; Manage organization members; Edit organization settings; Delete organization; Create organization teams; Create organization repositories; Create sub-organizations |
Team (assigned or inherited roles) | View team; Manage team members; Edit team settings; Delete team; Create team repositories; Create sub-teams | View team; Manage team members; Edit team settings; Delete team; Create team repositories; Create sub-teams |
Repository (assigned or inherited roles) | View repositories; Manage repository members; Edit repository settings; Delete repository; Create versions | View repositories; Manage repository members; Edit repository settings; Delete repository; Create versions |
Version (inherited roles) | View versions; Edit version settings; Delete version; Manage resources | View versions; Edit version settings; Delete version; Manage resources |
Resources: 1. Data, 2. Collections, 3. Configurations, 4. Services, 5. Endpoints (inherited roles) | Create; Edit; Delete | Create; Edit; Delete |
Notes
- Authorization permissions granted at a higher level in the hierarchy are automatically inherited by all its child entities without requiring explicit assignment.
- Configfacets recommends assigning permissions based on necessity. Instead of granting all employees a role at the top level, it is better to assign roles at the appropriate sub-organization, team, or repository level.
- User permissions can be elevated at lower levels in the hierarchy (e.g., from Member → Admin), but downgrading (Admin → Member) at a lower level is not possible.
- Generally, any organization, team, repository, or its resources—such as versions, data, collections, configurations, services, and endpoints—with public visibility can be accessed by anyone. However, if any child resource is set to private, it will only be visible to users with explicit permissions (such as Admin or Member) within the same hierarchy or its parent entities.
- Additionally, if a parent entity is set to private, all its child resources will automatically inherit this visibility status.
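The inheritance rules in these notes can be checked against a small model. The following is an added example, not Configfacets code: the `Node` class, the function names, and the sample hierarchy are assumptions made for illustration, and it models only role inheritance, elevation, and visibility as described above.

```python
from dataclasses import dataclass, field
from typing import Optional

RANK = {"Member": 1, "Admin": 2}  # higher rank wins

@dataclass
class Node:
    """One entity in the hierarchy (organization, team, repository, version, resource)."""
    name: str
    parent: Optional["Node"] = None
    private: bool = False
    roles: dict = field(default_factory=dict)  # user -> role assigned at this level

    def chain(self):
        """Yield this node, then each ancestor up to the top-level entity."""
        node = self
        while node is not None:
            yield node
            node = node.parent

def effective_role(node, user):
    """Strongest role assigned on the node or any ancestor; None if there is none.

    Taking the maximum models both notes: grants are inherited downward, and a
    lower-level assignment can elevate (Member -> Admin) but never downgrade.
    """
    assigned = [n.roles[user] for n in node.chain() if user in n.roles]
    return max(assigned, key=RANK.__getitem__, default=None)

def is_private(node):
    """A node is private if it, or any ancestor, is set to private."""
    return any(n.private for n in node.chain())

def can_view(node, user):
    """Public nodes are visible to anyone; private ones need a role in the chain."""
    return not is_private(node) or effective_role(node, user) is not None

# Constructed sample hierarchy (names are hypothetical)
org = Node("acme", roles={"alice": "Admin", "bob": "Member"})
team = Node("platform", parent=org, private=True,
            roles={"alice": "Member", "carol": "Member"})
repo = Node("app-config", parent=team, roles={"bob": "Admin"})
version = Node("v1", parent=repo)
```

Running `effective_role` for every user against the top-level node is a quick way to spot the broad grants that the least-privilege note advises against, since any role found there applies to everything beneath it.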
Features
Configfacets allows enabling or disabling various features at different levels within the hierarchy. Admins can manage these settings from their respective settings pages.
Visibility
Feature | Description |
---|---|
Public | Any organization, team, repository, or associated resources—such as versions, data, collections, configurations, services, and endpoints—marked as public can be accessed by anyone. |
Private | A resource set to private is only accessible to users with explicit permissions (such as Admin or Member) within the same hierarchy or its parent entities. |
Organization
Feature | Description |
---|---|
Sub-Organizations | Enable or disable sub-organization creation within this organization. |
Teams | Enable or disable team creation within this organization. |
Repositories | Enable or disable repository creation within this organization. |
Team
Feature | Description |
---|---|
Sub-Teams | Enable or disable sub-team creation within this Team. |
Repositories | Enable or disable repository creation within this Team. |
Repository
Feature | Description |
---|---|
Dependency | Allow this repository to be added as a dependency in other repositories. |
Version
Feature | Description |
---|---|
Dependency | Allow this version to be added as a dependency in other repositories. |