Files

Warp Agent 70d25e13b8 tidy up documentation for alpha release

2026-01-04 13:19:40 +07:00

5.7 KiB

Raw Blame History

SRS-10: Identity & Access Management

1. Overview

Identity & Access Management (IAM) module provides user account management, role-based access control (RBAC), permission management, and group management.

2. Functional Requirements

2.1 User Management

FR-IAM-001: System shall allow admins to create users

Input: Username, email, password, roles
Output: Created user with ID
Validation: Username uniqueness, valid email, strong password

FR-IAM-002: System shall allow admins to list users

Output: User list with username, email, roles, status
Filtering: By role, status, search

FR-IAM-003: System shall allow admins to view user details

Output: User properties, roles, groups, permissions

FR-IAM-004: System shall allow admins to update users

Input: User ID, updated properties
Validation: Valid updated values

FR-IAM-005: System shall allow admins to delete users

Input: User ID
Validation: Cannot delete own account

FR-IAM-006: System shall allow users to view own profile

Output: Own user properties, roles, permissions

FR-IAM-007: System shall allow users to update own profile

Input: Updated profile properties (email, password)
Validation: Valid updated values

2.2 Role Management

FR-IAM-008: System shall allow admins to create roles

Input: Role name, description, permissions
Output: Created role with ID
Validation: Role name uniqueness

FR-IAM-009: System shall allow admins to list roles

Output: Role list with name, description, permission count

FR-IAM-010: System shall allow admins to view role details

Output: Role properties, assigned permissions, users with role

FR-IAM-011: System shall allow admins to update roles

Input: Role ID, updated properties

FR-IAM-012: System shall allow admins to delete roles

Input: Role ID
Validation: Role not assigned to users

FR-IAM-013: System shall allow admins to assign permissions to roles

Input: Role ID, permission ID
Action: Add permission to role

FR-IAM-014: System shall allow admins to remove permissions from roles

Input: Role ID, permission ID
Action: Remove permission from role

2.3 Permission Management

FR-IAM-015: System shall list available permissions

Output: Permission list with resource, action, description

FR-IAM-016: System shall display permission details

Output: Permission properties, roles with permission

2.4 Group Management

FR-IAM-017: System shall allow admins to create groups

Input: Group name, description
Output: Created group with ID

FR-IAM-018: System shall allow admins to list groups

Output: Group list with name, description, member count

FR-IAM-019: System shall allow admins to view group details

Output: Group properties, members, roles

FR-IAM-020: System shall allow admins to update groups

Input: Group ID, updated properties

FR-IAM-021: System shall allow admins to delete groups

Input: Group ID

FR-IAM-022: System shall allow admins to add users to groups

Input: Group ID, user ID
Action: Add user to group

FR-IAM-023: System shall allow admins to remove users from groups

Input: Group ID, user ID
Action: Remove user from group

2.5 User-Role Assignment

FR-IAM-024: System shall allow admins to assign roles to users

Input: User ID, role ID
Action: Assign role to user

FR-IAM-025: System shall allow admins to remove roles from users

Input: User ID, role ID
Action: Remove role from user

2.6 Authentication

FR-IAM-026: System shall authenticate users

Input: Username, password
Output: JWT token on success
Validation: Valid credentials

FR-IAM-027: System shall manage user sessions

Output: Current user information, session expiration

FR-IAM-028: System shall allow users to logout

Action: Invalidate session token

3. User Interface Requirements

3.1 IAM Dashboard

User management tab
Role management tab
Group management tab
Permission overview

3.2 User Management

User list with filtering
User creation modal
User detail view
User edit form

3.3 Role Management

Role list with permission count
Role creation modal
Role detail view with permission assignment
Role edit form

3.4 Group Management

Group list with member count
Group creation modal
Group detail view with member management
Group edit form

4. API Endpoints

GET    /api/v1/iam/users
GET    /api/v1/iam/users/:id
POST   /api/v1/iam/users
PUT    /api/v1/iam/users/:id
DELETE /api/v1/iam/users/:id

POST   /api/v1/iam/users/:id/roles
DELETE /api/v1/iam/users/:id/roles
POST   /api/v1/iam/users/:id/groups
DELETE /api/v1/iam/users/:id/groups

GET    /api/v1/iam/roles
GET    /api/v1/iam/roles/:id
POST   /api/v1/iam/roles
PUT    /api/v1/iam/roles/:id
DELETE /api/v1/iam/roles/:id

GET    /api/v1/iam/roles/:id/permissions
POST   /api/v1/iam/roles/:id/permissions
DELETE /api/v1/iam/roles/:id/permissions

GET    /api/v1/iam/permissions

GET    /api/v1/iam/groups
GET    /api/v1/iam/groups/:id
POST   /api/v1/iam/groups
PUT    /api/v1/iam/groups/:id
DELETE /api/v1/iam/groups/:id

POST   /api/v1/iam/groups/:id/users
DELETE /api/v1/iam/groups/:id/users/:user_id

5. Permissions

iam:read: Required for viewing users, roles, groups
iam:write: Required for creating, updating, deleting
admin role: Required for all IAM operations

6. Error Handling

Username already exists
Invalid email format
Weak password
Role not found
Permission denied
Cannot delete own account
Insufficient permissions

5.7 KiB Raw Blame History