Role-Based Access Control (RBAC) Foundation.
Provides separation of duties through role-based permissions for SOC2 compliance.
§Overview
This module implements the foundation for RBAC with:
- Pre-defined roles with appropriate permission sets
- Fine-grained permissions for all operations
- Permission checking and enforcement
- Audit integration for access control events
§Roles
| Role | Description | Key Permissions |
|---|---|---|
| Admin | Full system access | All permissions |
| Operator | Day-to-day operations | Capture, Recall, Sync, Configure |
| User | Standard user access | Capture, Recall |
| Auditor | Read-only audit access | ViewAudit, GenerateReports |
| ReadOnly | Read-only data access | Recall only |
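
A separation-of-duties regression check over the role table above, as an added example that is not part of subcog. It is a stand-alone model: the `Perm` enum (limited to the permissions named on this page), the `MUTATING`/`AUDIT` conflict policy and `sod_violations` are assumptions for illustration, not the crate's API.

```rust
use std::collections::{BTreeMap, BTreeSet};

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Perm { Capture, Recall, Sync, Configure, Delete, ViewAudit, GenerateReports }
use Perm::*;

type RoleTable = BTreeMap<&'static str, BTreeSet<Perm>>;

// Assumed policy for this example: a role that can change state must not
// also be able to read or report on the audit trail.
const MUTATING: [Perm; 4] = [Capture, Sync, Configure, Delete];
const AUDIT: [Perm; 2] = [ViewAudit, GenerateReports];

/// Role table as documented above. Admin is modelled as every permission
/// named on this page.
fn documented_roles() -> RoleTable {
    BTreeMap::from([
        ("Admin", BTreeSet::from([Capture, Recall, Sync, Configure, Delete,
                                  ViewAudit, GenerateReports])),
        ("Operator", BTreeSet::from([Capture, Recall, Sync, Configure])),
        ("User", BTreeSet::from([Capture, Recall])),
        ("Auditor", BTreeSet::from([ViewAudit, GenerateReports])),
        ("ReadOnly", BTreeSet::from([Recall])),
    ])
}

/// Returns every (role, mutating, audit) combination that breaks the policy,
/// skipping roles listed in `exempt` (e.g. a break-glass Admin).
fn sod_violations(table: &RoleTable, exempt: &[&str]) -> Vec<(String, Perm, Perm)> {
    let mut found = Vec::new();
    for (role, perms) in table {
        if exempt.contains(role) { continue; }
        for m in MUTATING {
            for a in AUDIT {
                if perms.contains(&m) && perms.contains(&a) {
                    found.push((role.to_string(), m, a));
                }
            }
        }
    }
    found
}

fn main() {
    let mut table = documented_roles();
    assert!(sod_violations(&table, &["Admin"]).is_empty());
    // Constructed drift: someone grants Configure to the Auditor role.
    table.get_mut("Auditor").unwrap().insert(Configure);
    for (role, m, a) in sod_violations(&table, &["Admin"]) {
        println!("SoD conflict in {role}: {m:?} + {a:?}");
    }
}
```

Run against the real role definitions in CI, a check of this shape catches permission drift that a per-request `has_permission` call would silently allow.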
§Example
```rust
use subcog::security::rbac::{Role, Permission, AccessControl};

let ac = AccessControl::new();

// Check if a role has a permission
assert!(ac.has_permission(&Role::Admin, &Permission::Delete));
assert!(!ac.has_permission(&Role::ReadOnly, &Permission::Delete));

// Get all permissions for a role
let user_perms = ac.permissions_for(&Role::User);
assert!(user_perms.contains(&Permission::Capture));
```
Structs§
- AccessControl - Access control manager for checking role permissions.
- RbacSummary - Summary of the entire RBAC configuration.
- RoleSummary - Summary of a role’s permissions.
Enums§
- AccessResult - Result of an access control check.
- Permission - Fine-grained permissions for system operations.
- PermissionCategory - Categories of permissions for grouping and display.
- Role - System roles with predefined permission sets.