
Role based access control

RBAC

Stellarbridge provides a mechanism by which administrators can enforce the principles of least privilege across their user base.

Stellarbridge uses Casbin (https://casbin.org/) to create, manage, and enforce role-based access control within the Stellarbridge ecosystem. Below is an AST-extracted table of all Stellarbridge roles, their allowed HTTP methods, and API endpoints.

GlobalAdmin

Description: Global admin role - access to everything

Subject: admin

Routes

  • Path: /api/v1/bridge/upload/info/:name/:size
    Method: GET
    Description: Get upload info
  • Path: /api/v1/bridge/uploads/initialize-multipart-upload
    Method: POST
    Description: Start multipart upload
  • Path: /api/v1/bridge/uploads/get-multipart-presigned-urls
    Method: POST
    Description: Get presigned URLs
  • Path: /api/v1/bridge/uploads/finalize-multipart-upload
    Method: POST
    Description: Finalize upload
  • Path: /api/v1/bridge/uploads/cancel
    Method: POST
    Description: Cancel upload
  • Path: /api/v1/bridge/download/protect-transfer
    Method: POST
    Description: Protect transfer
  • Path: /api/v1/bridge/download/unprotect-transfer/:tid
    Method: POST
    Description: Unprotect transfer
  • Path: /api/v1/bridge/download/delete-transfer/:tid
    Method: DELETE
    Description: Delete transfer
  • Path: /api/v1/bridge/transfer/request/create
    Method: POST
    Description: Request upload
  • Path: /api/v1/*
    Method: (GET|POST|PUT|DELETE|PATCH)
    Description: Admin access to all routes
  • Path: /api/v1/bridge/transfer/requests/from-user
    Method: GET
    Description: Get transfer requests from user

BridgeUser

Description: Bridge user - can upload, download, and manage transfers

Subject: user:bridge

Routes

  • Path: /api/v1/bridge/upload/info/:name/:size
    Method: GET
    Description: Get upload info
  • Path: /api/v1/bridge/uploads/initialize-multipart-upload
    Method: POST
    Description: Start multipart upload
  • Path: /api/v1/bridge/uploads/get-multipart-presigned-urls
    Method: POST
    Description: Get presigned URLs
  • Path: /api/v1/bridge/uploads/finalize-multipart-upload
    Method: POST
    Description: Finalize upload
  • Path: /api/v1/bridge/uploads/cancel
    Method: POST
    Description: Cancel upload
  • Path: /api/v1/bridge/download/protect-transfer
    Method: POST
    Description: Protect transfer
  • Path: /api/v1/bridge/download/unprotect-transfer/:tid
    Method: POST
    Description: Unprotect transfer
  • Path: /api/v1/bridge/download/delete-transfer/:tid
    Method: DELETE
    Description: Delete transfer
  • Path: /api/v1/dashboard/user/usage
    Method: GET
    Description: Get usage info
  • Path: /api/v1/dashboard/user/transfers/history
    Method: GET
    Description: Get transfers history
  • Path: /api/v1/bridge/transfer/requests/from-user
    Method: GET
    Description: Get transfer requests from user
  • Path: string(paths.PathStreamsConfigHanlder)
    Method: GET
    Description: Get stream config
  • Path: /api/v1/streams/session
    Method: GET
    Description: Get stream session
  • Path: /ws/streams/signal/:sessionId
    Method: POST
    Description: Update stream config
  • Path: /api/v1/bridge/*
    Method: (GET|POST|PUT|DELETE)
    Description: All bridge operations
  • Path: /api/v1/bridge/reports/*
    Method: (GET|POST)
    Description: Bridge reports
  • Path: /api/v1/bridge/analytics/*
    Method: (GET|POST)
    Description: Bridge analytics

StreamUser

Description: Stream user - can stream and manage their streams

Subject: user:stream

Routes

  • Path: string(paths.PathStreamsConfigHanlder)
    Method: GET
    Description: Get stream config
  • Path: /api/v1/streams/session
    Method: GET
    Description: Get stream session
  • Path: /ws/streams/signal/:sessionId
    Method: POST
    Description: Update stream config

UploadUser

Description: Upload user - can upload and manage their uploads

Subject: user:upload

Routes

  • Path: /api/v1/bridge/upload/info/:name/:size
    Method: GET
    Description: Get upload info
  • Path: /api/v1/bridge/uploads/initialize-multipart-upload
    Method: POST
    Description: Start multipart upload
  • Path: /api/v1/bridge/uploads/get-multipart-presigned-urls
    Method: POST
    Description: Get presigned URLs
  • Path: /api/v1/bridge/uploads/finalize-multipart-upload
    Method: POST
    Description: Finalize upload
  • Path: /api/v1/bridge/uploads/cancel
    Method: POST
    Description: Cancel upload
  • Path: /api/v1/bridge/download/protect-transfer
    Method: POST
    Description: Protect transfer
  • Path: /api/v1/bridge/download/unprotect-transfer/:tid
    Method: POST
    Description: Unprotect transfer
  • Path: /api/v1/bridge/download/delete-transfer/:tid
    Method: DELETE
    Description: Delete own transfers
  • Path: /api/v1/dashboard/user/usage
    Method: GET
    Description: Get usage info
  • Path: /api/v1/bridge/uploads/*
    Method: (GET|POST|PUT|DELETE)
    Description: Upload operations

OrgUser

Description: Org user - basic user access to uploads, streams, transfer history and organization overview

Subject: user:org

Routes

  • Path: /api/v1/bridge/upload/info/:name/:size
    Method: GET
    Description: Get upload info
  • Path: /api/v1/bridge/uploads/initialize-multipart-upload
    Method: POST
    Description: Start multipart upload
  • Path: /api/v1/bridge/uploads/get-multipart-presigned-urls
    Method: POST
    Description: Get presigned URLs
  • Path: /api/v1/bridge/uploads/finalize-multipart-upload
    Method: POST
    Description: Finalize upload
  • Path: /api/v1/bridge/uploads/cancel
    Method: POST
    Description: Cancel upload
  • Path: /api/v1/bridge/download/protect-transfer
    Method: POST
    Description: Protect transfer
  • Path: /api/v1/bridge/download/unprotect-transfer/:tid
    Method: POST
    Description: Unprotect transfer
  • Path: /api/v1/bridge/download/delete-transfer/:tid
    Method: DELETE
    Description: Delete own transfers
  • Path: /api/v1/bridge/uploads/*
    Method: (GET|POST|PUT|DELETE)
    Description: Upload operations
  • Path: /api/v1/dashboard/organization/panel
    Method: GET
    Description: Organization panel basic access
  • Path: /api/v1/dashboard/organization/user-org-info
    Method: GET
    Description: Basic organization info
  • Path: /api/v1/dashboard/organization/accept-invite-to-org
    Method: PUT
    Description: Accept invite to org
  • Path: /api/v1/dashboard/user/usage
    Method: GET
    Description: Get usage info
  • Path: /api/v1/dashboard/security/update
    Method: PUT
    Description: Reset password

RoleAdmin

Description: Role admin - can manage roles and permissions that are assigned to users within an or

Subject: admin:role

Routes

  • Path: /api/v1/dashboard/organization/rbac/roles
    Method: GET
    Description: Role operations
  • Path: /api/v1/dashboard/organization/rbac/user/roles
    Method: GET
    Description: User operations
  • Path: /api/v1/dashboard/organization/rbac/user/roles/add
    Method: POST
    Description: Settings operations
  • Path: /api/v1/dashboard/organization/rbac/user/roles/remove
    Method: DELETE
    Description: Settings roles operations

SecurityAnalyst

Description: Security analyst - can view security reports

Subject: admin:security

Routes

  • Path: /api/v1/dashboard/organization/get-events-in-org
    Method: GET
    Description: Organization events
  • Path: /api/v1/dashboard/organization/get-transfers-in-org
    Method: GET
    Description: Organization transfers

TransferAdmin

Description: Org transfer administrator - can manage transfers in an organization

Subject: admin:transfer

Routes

  • Path: /api/v1/dashboard/organization/set-transfer-org-lock-status
    Method:
    Description:

ServiceAccountAdmin

Description: Service account admin - role assigned to service accounts that can create and manage service accounts

Subject: admin:service-account

Routes

  • Path: /api/v1/dashboard/key-auth/delete
    Method: DELETE
    Description: List service accounts
  • Path: /api/v1/dashboard/key-auth/get
    Method: GET
    Description: Get service account
  • Path: /api/v1/dashboard/key-auth/add
    Method: POST
    Description: Add service account

AuditLogStreamer

Description: Audit log streamer - role assigned to users that can view audit logs

Subject: audit:streamer

Routes

  • Path: /api/v1/dashboard/events
    Method: GET
    Description: Get user event logs
  • Path: /api/v1/dashboard/organization/get-events-in-org
    Method: GET
    Description: Get organization logs
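
The rows above mix exact paths, :param segments, /* wildcards and method alternations such as (GET|POST|PUT|DELETE), so a specific row can already be granted by a broader wildcard row in the same role. The Go program below is an added example, not Stellarbridge's code and not a call into the Casbin library: it evaluates five rows copied from the table and lists the rows whose removal would change no decision. The matching semantics (paths in the style of Casbin's keyMatch2, methods as an anchored regex) and the names Allowed and Shadowed are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule is one table row; Rules copies five rows of the table for two roles.
type Rule struct{ Sub, Path, Method string }
var param = regexp.MustCompile(`:[^/]+`) // a ":name" path parameter
var Rules = []Rule{
	{"user:bridge", "/api/v1/bridge/download/delete-transfer/:tid", "DELETE"},
	{"user:bridge", "/api/v1/bridge/reports/*", "(GET|POST)"},
	{"user:bridge", "/api/v1/bridge/*", "(GET|POST|PUT|DELETE)"},
	{"user:upload", "/api/v1/bridge/download/delete-transfer/:tid", "DELETE"},
	{"user:upload", "/api/v1/bridge/uploads/*", "(GET|POST|PUT|DELETE)"},
}

// Allowed is deny-by-default. Assumed matchers, not stated on the page: paths as in
// Casbin's keyMatch2 (":tid" one segment, "/*" any suffix), methods as anchored regex.
func Allowed(rules []Rule, sub, path, method string) bool {
	for _, r := range rules {
		p := param.ReplaceAllString(strings.ReplaceAll(regexp.QuoteMeta(r.Path), `/\*`, "/.*"), "[^/]+")
		okPath, _ := regexp.MatchString("^"+p+"$", path)
		okVerb, _ := regexp.MatchString("^(?:"+r.Method+")$", method)
		if r.Sub == sub && okPath && okVerb {
			return true
		}
	}
	return false
}

// Shadowed lists sub's rows whose removal changes no decision for a sample request.
func Shadowed(rules []Rule, sub string) (out []string) {
	for i, r := range rules {
		rest := append(append([]Rule{}, rules[:i]...), rules[i+1:]...)
		sample := strings.ReplaceAll(param.ReplaceAllString(r.Path, "x"), "*", "x")
		needed := r.Sub != sub // rows of other subjects are never reported
		for _, v := range []string{"GET", "POST", "PUT", "DELETE", "PATCH"} {
			needed = needed || (Allowed([]Rule{r}, sub, sample, v) && !Allowed(rest, sub, sample, v))
		}
		if !needed {
			out = append(out, r.Path)
		}
	}
	return out
}

func main() { fmt.Println(Shadowed(Rules, "user:bridge"), Shadowed(Rules, "user:upload")) }
```

For user:bridge it reports the delete-transfer and reports rows, which /api/v1/bridge/* already covers; for user:upload it reports none, because /api/v1/bridge/uploads/* does not reach the download routes.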