Security and access control with user roles

Access to resources such as tables, views, files and pages in Saltcorn is controlled by a system of roles. Every user has exactly one role. The roles are ordered and resources specify a minimum role for access. This means that any user with that or greater role may access that resource.

The built-in roles are:

• public, the least role: this is the role assigned to users who have not authenticated with a login.
• staff: a role intended for employees of the organisation maintaining the application.
• user : the role assigned to users who have created an account (if account creation is enabled)
• admin, the greatest role: users in this role are able to create tables, views, pages and to change the settings.

For example: if a page has been set to require the minimum role (that is, role should be at least) of staff, then it can be accessed by any user with staff or admin roles. But it cannot be accessed by users with role user or users who are not logged in.

Future versions of Saltcorn will allow you to define more roles (for instance, paid users or managers)

The advantage of this system is extreme simplicity in configuration and implementation. It is not possible, for instance, to create roles that correspond to departments such that finance roles can access accounts and human resources roles can access employee records but not the other way around. In Saltcorn we give up some flexibility for the benefit of a system that is less likely to be misconfigured, which is the source of many security problems in more complex systems.

There are some other settings that have security implications:

• Allow signups: allow users to create new accounts
• Login menu: show the Login item on the menu to users that have not logged in. If this is disabled, Login is not shown as an option, but users can still log in by visiting /auth/login.