Access Control & Roles
Key system users have been described here. The underlying DIGIT platform supports role-based access control (RBAC); DRISTI uses a hybrid of RBAC and attribute-based access control (ABAC).
Every API (a feature in the software) is an action that a system user can perform. Access to these actions is controlled by who you are and what role you play in the system. Micro-roles have been defined to keep access to resources compartmentalised. In addition to the role, access is further restricted by user-specific attributes, such as a user's participation in a case. For example, even though all litigants have the CASE_VIEWER role, only litigants who are party to a case can access its fine-grained details, including PII.
RBAC is enforced at the API gateway, based on the role-action mapping master data. ABAC is enforced within each service, based on its business logic. The sections below show the persona-to-role mapping and the role-to-API mapping.
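To make the two layers concrete, the following is an added Python sketch (not DRISTI or DIGIT code) of a gateway RBAC check followed by a service-level ABAC check on case participation; the action names, data structures and sample users are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed role-action mapping, standing in for the DIGIT role-action master data.
# The action names are hypothetical, not DRISTI's real API paths.
ROLE_ACTIONS = {
    "CASE_VIEWER": {"case/_search"},
    "CASE_CREATOR": {"case/_create"},
    "CASE_EDITOR": {"case/_update"},
    "TASK_VIEWER": {"task/_search"},
}

@dataclass
class User:
    uuid: str
    roles: set

@dataclass
class Case:
    case_id: str
    party_uuids: set        # litigants who are party to this case
    public_summary: str
    pii: dict               # fine-grained details only parties may see

def gateway_allows(user: User, action: str) -> bool:
    """RBAC layer (API gateway): does any of the user's roles map to the action?"""
    return any(action in ROLE_ACTIONS.get(role, set()) for role in user.roles)

def case_view(user: User, case: Case) -> dict:
    """Service layer: RBAC must pass first; ABAC then decides how much is returned."""
    if not gateway_allows(user, "case/_search"):
        raise PermissionError("blocked at gateway: no role maps to case/_search")
    result = {"caseId": case.case_id, "summary": case.public_summary}
    if user.uuid in case.party_uuids:   # attribute check: participation in the case
        result["pii"] = dict(case.pii)
    return result

# Constructed sample data: two litigants with identical roles, one is a party to the case.
PARTY_LITIGANT = User("lit-1", {"CITIZEN", "CASE_VIEWER"})
OTHER_LITIGANT = User("lit-2", {"CITIZEN", "CASE_VIEWER"})
CLERK_NO_CASE_ROLE = User("clk-1", {"TASK_VIEWER"})
SAMPLE_CASE = Case("case-001", {"lit-1"}, "summary visible to any CASE_VIEWER",
                   {"address": "redacted-in-example"})

if __name__ == "__main__":
    print(case_view(PARTY_LITIGANT, SAMPLE_CASE))   # includes "pii"
    print(case_view(OTHER_LITIGANT, SAMPLE_CASE))   # summary only
```

Both litigants clear the gateway on the strength of CASE_VIEWER; only the service-level attribute check keeps PII from the non-party.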
Role Mapping
The table below shows which roles are given to each user persona (personas with an empty roles cell have no roles listed on this page):

Persona                                               | Roles
------------------------------------------------------|--------------------------------------------------------------
Complainant (Litigant) / Litigants as Party in Person | APPLICATION_CREATOR, APPLICATION_EDITOR, APPLICATION_VIEWER, CASE_CREATOR, CASE_EDITOR, CASE_VIEWER, CITIZEN, EVIDENCE_CREATOR, EVIDENCE_VIEWER, HEARING_DATE_REQUESTOR, HEARING_VIEWER, ORDER_VIEWER, TASK_VIEWER
Respondents                                           |
Advocates                                             |
Advocate Clerk                                        |
Judges                                                |
Junior Superintendent/File Scrutiny Officer           |
Court Secretary/ Manager (currently Bench Clerk)      |
Nyay Mitra                                            |
System                                                | WORKFLOW_ABANDON, ORDER_STAMP, ORDER_CLOSER, TASK_CREATOR
System Administrator                                  | HRMS_ADMIN, LOCALISATION_ADMIN, MDMS_ADMIN, SYSTEM_ADMIN, SUPERUSER, WORKBENCH_ADMIN
Role Action Mapping
The APIs (actions) and the roles that have access to each of them are documented in this sheet. (Add link TBD)