Access Control & Roles
Key system users have been . The underlying DIGIT platform supports role-based access control (RBAC). DRISTI uses a hybrid of RBAC and attribute-based access control (ABAC).
Every API (a feature in software) is like an action that a system user can perform. Access to these actions is controlled based on who you are and what role you play in the system. Micro-roles have been defined to ensure compartmentalised access to resources. In addition to the role, access is further controlled by user-specific attributes such as a user's participation in a case. For example, even though all litigants have the CASE_VIEWER role, only litigants who are party to a case have access to the fine-grained details of that case, including PII data.
RBAC is enforced at the API gateway level based on the role-action mapping master data. ABAC is enforced at each service level based on business logic. The sections below show the persona-to-role mapping and the role-to-API mapping.
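The two enforcement layers described above, as an added sketch that is not DRISTI or DIGIT code. The action paths, the `User` and `Case` shapes, the sample data, and the choice to return a PII-free summary to non-parties are assumptions made for illustration.

```python
from dataclasses import dataclass

SEARCH, UPDATE = "/case/_search", "/case/_update"  # hypothetical action paths

# Constructed stand-in for the role-action mapping master data.
ROLE_ACTIONS = {
    "CASE_VIEWER": {SEARCH},
    "CASE_EDITOR": {UPDATE},
}

@dataclass(frozen=True)
class User:
    uuid: str
    roles: frozenset

@dataclass(frozen=True)
class Case:
    case_id: str
    status: str
    party_uuids: frozenset
    pii: tuple  # constructed placeholder for party contact details

def gateway_allows(user: User, action: str) -> bool:
    """RBAC at the gateway: deny unless some role held maps to the action."""
    return any(action in ROLE_ACTIONS.get(role, ()) for role in user.roles)

def case_service_view(user: User, case: Case) -> dict:
    """ABAC in the service: PII is released only to a party to this case."""
    view = {"case_id": case.case_id, "status": case.status}
    if user.uuid in case.party_uuids:
        view["pii"] = case.pii
    return view

def handle(user: User, action: str, case: Case):
    """Both layers must pass; the role check alone never exposes PII."""
    if not gateway_allows(user, action):
        return 403, None
    return 200, case_service_view(user, case)

# Constructed sample data.
CASE = Case("CASE-001", "PENDING", frozenset({"u-party"}), ("party phone", "party address"))
PARTY = User("u-party", frozenset({"CITIZEN", "CASE_VIEWER"}))
OUTSIDER = User("u-other", frozenset({"CITIZEN", "CASE_VIEWER"}))
NO_ROLE = User("u-anon", frozenset({"CITIZEN"}))

if __name__ == "__main__":
    for who in (PARTY, OUTSIDER, NO_ROLE):
        print(who.uuid, handle(who, SEARCH, CASE), handle(who, UPDATE, CASE))
```

`PARTY` and `OUTSIDER` hold identical roles, so the gateway treats them the same; only the service-level attribute check separates them.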
The table below shows the roles given to each user persona:
Complainant (Litigant)
Litigants as Party in Person
APPLICATION_CREATOR APPLICATION_EDITOR APPLICATION_VIEWER CASE_CREATOR CASE_EDITOR CASE_VIEWER CITIZEN EVIDENCE_CREATOR EVIDENCE_VIEWER HEARING_DATE_REQUESTOR HEARING_VIEWER ORDER_VIEWER TASK_VIEWER
Respondents
Advocates
Advocate Clerk
Judges
Junior Superintendent/File Scrutiny Officer
Court Secretary/ Manager (currently Bench Clerk)
Nyay Mitra
System
WORKFLOW_ABANDON
ORDER_STAMP
ORDER_CLOSER
TASK_CREATOR
System Administrator
HRMS_ADMIN LOCALISATION_ADMIN MDMS_ADMIN SYSTEM_ADMIN SUPERUSER WORKBENCH_ADMIN
The APIs (actions) and the roles that have access to them are documented in this sheet. (Add link TBD)
CASE_VIEWER
DEPOSITION_VIEWER
CITIZEN
APPLICATION_CREATOR
SUBMISSION_DELETE
HEARING_ACCEPTOR
CASE_RESPONDER
DEPOSITION_CREATOR
SUBMISSION_RESPONDER
ORDER_VIEWER
CASE_EDITOR
ADVOCATE_VIEWER
SUBMISSION_CREATOR
APPLICATION_VIEWER
TASK_VIEWER
PENDING_TASK_CREATOR
CASE_CREATOR
CASE_VIEWER
DEPOSITION_VIEWER
CITIZEN
APPLICATION_CREATOR
SUBMISSION_DELETE
HEARING_ACCEPTOR
CASE_RESPONDER
DEPOSITION_CREATOR
SUBMISSION_RESPONDER
ORDER_VIEWER
CASE_EDITOR
SUBMISSION_CREATOR
APPLICATION_VIEWER
TASK_VIEWER
PENDING_TASK_CREATOR
CASE_CREATOR
CASE_VIEWER
DEPOSITION_VIEWER
CITIZEN
ADVOCATE_ROLE
APPLICATION_CREATOR
SUBMISSION_DELETE
HEARING_ACCEPTOR
CASE_RESPONDER
DEPOSITION_CREATOR
SUBMISSION_RESPONDER
ORDER_VIEWER
CASE_EDITOR
ADVOCATE_VIEWER
SUBMISSION_CREATOR
APPLICATION_VIEWER
ADVOCATE_APPLICATION_VIEWER
TASK_VIEWER
PENDING_TASK_CREATOR
CASE_CREATOR
CASE_VIEWER
DEPOSITION_VIEWER
CITIZEN
APPLICATION_CREATOR
SUBMISSION_DELETE
ADVOCATE_CLERK_ROLE
HEARING_ACCEPTOR
CASE_RESPONDER
DEPOSITION_CREATOR
SUBMISSION_RESPONDER
ORDER_VIEWER
CASE_EDITOR
ADVOCATE_VIEWER
SUBMISSION_CREATOR
APPLICATION_VIEWER
TASK_VIEWER
PENDING_TASK_CREATOR
CASE_CREATOR
APPLICATION_APPROVER
APPLICATION_CREATOR
APPLICATION_REJECTOR
APPLICATION_VIEWER
CALCULATION_VIEWER
CASE_APPROVER
CASE_EDITOR
CASE_VIEWER
DEPOSITION_EDITOR
EMPLOYEE
HEARING_APPROVER
HEARING_CLOSER
HEARING_CREATOR
HEARING_DATE_REQUESTOR
HEARING_SCHEDULER
HEARING_START
HEARING_VIEWER
JUDGE_ROLE
ORDER_APPROVER
ORDER_CREATOR
ORDER_DELETE
ORDER_ESIGN
ORDER_VIEWER
SUBMISSION_APPROVER
TASK_APPROVER
TASK_CREATOR
TASK_EDITOR
TASK_UPDATOR
TASK_VIEWER
WORKFLOW_ABANDON
WORKFLOW_ADMIN
CASE_VIEWER
CASE_REVIEWER
CASE_EDITOR
ADVOCATE_VIEWER
EMPLOYEE
CASE_EDITOR
HEARING_VIEWER
HEARING_SCHEDULER
HEARING_START
HEARING_APPROVER
HEARING_DATE_REQUESTOR
HEARING_CLOSER
ORDER_APPROVER
ORDER_REASSIGN
ORDER_CREATOR
ORDER_VIEWER
DEPOSITION_CREATOR
DEPOSITION_EDITOR
DEPOSITION_PUBLISHER
EMPLOYEE
WORKFLOW_ABANDON
WORKFLOW_ADMIN
APPLICATION_RESPONDER
APPLICATION_APPROVER
APPLICATION_REJECTOR
TASK_VIEWER
TASK_CREATOR
TASK_APPROVER
SUBMISSION_APPROVER
SUBMISSION_CREATOR
APPLICATION_CREATOR
SUBMISSION_RESPONDER
BENCH_CLERK
PAYMENT_COLLECTOR
NYAY_MITRA_ROLE
ORDER_VIEWER
EMPLOYEE
TASK_VIEWER
ADVOCATE_APPROVER
ADVOCATE_APPLICATION_VIEWER