Access Control
Access Control provides enterprise-grade permissions management through integration with Nextcloud RBAC (Role-Based Access Control) and Keycloak.
Overview
The access control system integrates with:
- ADFS (Active Directory Federation Services) for user and group management via Keycloak
- Nextcloud RBAC for role-based permissions
- FCS (Federal Cloud Services) compliance requirements
- Verwerkingen registers for process tracking
Permission Levels
Access can be controlled at multiple levels:
- Register level - Control access to entire registers
- Schema level - Manage permissions for specific register/schema combinations
- Object level - Set permissions on individual objects
- Property level - Fine-grained control over specific object properties
Permission Types
Permissions are granted through:
User Rights
- CRUD (Create, Read, Update, Delete) operations
- Inherited from ADFS groups via Keycloak
- Role-based access control through Nextcloud
Contract Rights
- Application-level permissions
- Process-specific authorizations
- Compliance with FCS requirements
- Integration with verwerkingen registers
Implementation
Access control is implemented through:
User Authentication
- Direct integration with Keycloak for identity management
- ADFS synchronization for user and group information
- Single Sign-On (SSO) capabilities
Permission Management
- CRUD-level permissions for all system entities
- Hierarchical permission inheritance
- Fine-grained access control at multiple levels
Process Integration
- Compliance with FCS guidelines
- Integration with verwerkingen registers for process tracking
- Application-specific permission contracts
Related Features
- Register Management - Manage register access
- Object Locking - Control modifications