{"id":19732385,"url":"https://github.com/terminusdb/terminusdb-access-control","last_synced_at":"2025-10-15T21:44:11.836Z","repository":{"id":40700134,"uuid":"436991721","full_name":"terminusdb/terminusdb-access-control","owner":"terminusdb","description":null,"archived":false,"fork":false,"pushed_at":"2024-01-10T06:11:09.000Z","size":4074,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-01-10T17:54:05.927Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/terminusdb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-10T13:38:42.000Z","updated_at":"2022-04-13T11:23:43.000Z","dependencies_parsed_at":"2024-11-12T00:27:59.260Z","dependency_job_id":"d16f8ec6-4528-4e28-ae53-ae876e68fe65","html_url":"https://github.com/terminusdb/terminusdb-access-control","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terminusdb%2Fterminusdb-access-control","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terminusdb%2Fterminusdb-access-control/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terminusdb%2Fterminusdb-access-control/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terminusdb%2Fterminusdb-access-control/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/terminusdb","download_url":"https://codeload.github.com/terminusdb/terminusdb-access-control/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241058053,"owners_count":19902112,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T00:26:09.877Z","updated_at":"2025-10-15T21:44:06.783Z","avatar_url":"https://github.com/terminusdb.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TerminusDB Role-Based Access Control\n\n![Access Control](./image/accesscontrol__01_new.png)\n\nHere the full [documentation](https://terminusdb.github.io/terminusdb-access-control/#/) \n\n## Access control tutorial\n\nIn this tutorial, you will learn about the role-based access control in [TerminusDB](https://terminusdb.com). \nWe are going to use the [AccessControl](https://terminusdb.com/docs/js-access-control) driver in the TerminusDB JavaScript Client Library to access the TerminusDB system database and manage the access control for three different users.\n\n## Access control explained\nThe purpose of access control is to establish who the user is and what thye can access. It is also essential to actively prevent users from accessing anything they should not and the required security for a particular resource is enforced. At a high level, database access control is a selective restriction of access to data. It consists of two main components: authentication and authorization.\n\n### Authentication\nAuthentication is a technique used to verify that someone is who they claim to be. Most of the time this verification process includes a username and a password but other methods such as token, PIN number, fingerprint scan, or smart card can be used as well. In order to conduct the process of authentication, it is essential that the user has an account in the system so that the authentication mechanism can interrogate that account.\n\n### Authorization\nThe authorization process establishes if the user (who is already authenticated) is allowed to access to a resource. In other words, authorization determines what a user is and is not permitted to do. The level of authorization that is given to a user is determined by the user role. \n\n![Access Control](./image/accesscontrol__02.png)\n\n### Role-Based Access Control in TerminusDB\nTerminusDB provides mechanisms to allow users to limit access to their resources. A *role/capability* system ensures that all users can perform only the operations permitted to them.\n\n![Access Control](./image/accesscontrol__03.png)\n\nIn order to add users, organizations, and manage access and roles, you need to be the database administrator.\nThe main concepts of TerminusDB's access control mechinisms are:\n\n#### USER \nThe database user has the capability to access a resource with a specific role.\n\n#### Role\nRoles group actions that the user can perform, for example an admin roles would include the action create_database.\nThe default Roles for TerminusDB are: admin (all actions are allowed ) and consumer.\nYou can create roles in the system database for different access needs. \n\n#### Capability\nA capability is a relationship between a resource (scope) and a role (what the user can do).\nA user with a capability/role is allowed to perform a set of actions for an organization and database.\n\n#### Resource\nOrganization/Team or database\n\n#### Organization/Team\nA database or several databases sit under an organization/team. You can have many organizations each with their own group of databases. Users are assigned roles to an organization and that role filters down to the databases within the organization.\n\n#### Database \nDatabases belong to an organization and users inherit the organization User Role for the databases within an organization.\nYou can override this role, adding a capability/role at database level to increase the user's level of access for a particular database.\n\n\n### Install Terminusdb  Access control\n\nPlease [clone and install TerminusDB](https://github.com/terminusdb/terminusdb-bootstrap) and have it\nrunning.\n\nPlease clone access control tutorial\n\n```bash\ngit clone https://github.com/terminusdb/terminusdb-access-control.git\ncd terminusdb-access-control\n$ npm install\n\n```\nHere is the full code [documentation](https://terminusdb.github.io/terminusdb-access-control/#/api/src/index) \n\nNow run the example.\n\n```bash\n$ npm run start\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterminusdb%2Fterminusdb-access-control","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fterminusdb%2Fterminusdb-access-control","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterminusdb%2Fterminusdb-access-control/lists"}