Access Control

Tacnode implements a sophisticated access control system that separates users (authentication) from roles (authorization) to provide flexible and secure permission management.

Core Concepts

Users

Purpose: Authentication and platform login

  • Registration: Email-based account creation
  • Access: Login to both platform and database instances
  • Identity: Unique identifier for system access

Roles

Purpose: Authorization and permission management

  • Definition: Collection of operation permissions for specific resources
  • Scope: Resource-specific access control
  • Inheritance: Support for hierarchical permission structures

Role Architecture

Permission Structure

Roles define specific permissions for resource objects. For example, an admin role for contract dc00000001 includes:

  • Read permissions for contract data
  • Write permissions for contract modifications
  • Update permissions for contract settings

Role Inheritance

Roles support hierarchical permission management through inheritance:

  • Viewer Role: Read-only permissions
  • Admin Role: Read + Write permissions (inherits Viewer)
  • Super Admin: Full permissions (inherits Admin)

Contract Role Management

The contract permission system provides comprehensive role management capabilities:

Available Contract Roles

| Role | Scope | Permissions |
|------|-------|-------------|
| admin@{id}.contracts | Full Contract Administration | Complete contract management including user role assignment and all inherited permissions |
| viewer@{id}.contracts | Read-Only Access | View contract information without modification rights |
| dc_creator@{id}.contracts | Data Cloud Management | Create and delete Data Cloud resources, includes viewer permissions |
| billing_admin@{id}.contracts | Billing Administration | Full billing management capabilities, includes billing viewer permissions |
| billing_viewer@{id}.contracts | Billing Visibility | View billing information and contract details, includes viewer permissions |
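
Because several of the contract roles listed above include other roles, a single grant can confer more access than its name suggests. The following is an added example for an access review, not Tacnode code: it expands direct grants into effective roles. The inheritance edges for admin, the sample users, and role names built with the contract ID dc00000001 are assumptions.

```python
import re
# Inheritance edges from the contract role table. ASSUMPTION: admin's "all
# inherited permissions" is modelled as inheriting dc_creator and billing_admin.
INHERITS = {
    "admin": {"dc_creator", "billing_admin"},
    "dc_creator": {"viewer"},
    "billing_admin": {"billing_viewer"},
    "billing_viewer": {"viewer"},
    "viewer": set(),
}
ROLE_RE = re.compile(r"([a-z_]+)@([A-Za-z0-9]+)\.contracts")

def parse_role(name):
    """Split 'role@{id}.contracts' into (role, contract_id); reject anything else."""
    m = ROLE_RE.fullmatch(name)
    if not m or m.group(1) not in INHERITS:
        raise ValueError(f"not a known contract role: {name!r}")
    return m.group(1), m.group(2)

def effective_roles(role):
    """Return the role plus everything it inherits, transitively."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(INHERITS[r])
    return seen

def review(grants):
    """Map (user, contract_id) -> effective roles, given direct grants."""
    out = {}
    for user, role_name in grants:
        role, contract = parse_role(role_name)
        out.setdefault((user, contract), set()).update(effective_roles(role))
    return out

def can_assign_roles(report):
    """Users holding admin, the role the table says includes user role assignment."""
    return sorted({u for (u, _), roles in report.items() if "admin" in roles})

# Constructed sample grants: hypothetical users, contract ID from the page's example.
GRANTS = [
    ("alice@example.com", "admin@dc00000001.contracts"),
    ("bob@example.com", "billing_admin@dc00000001.contracts"),
    ("carol@example.com", "dc_creator@dc00000001.contracts"),
]
REPORT = review(GRANTS)
```

Comparing the effective roles in `REPORT` with what each user needs shows where a narrower role would do.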

Access Permission Management

Navigate to contract permissions through: Dashboard → Contract → [Contract ID] → Permission Management

Role Hierarchy Visualization

View the complete role relationship structure for your contract:

This tree view shows inheritance relationships and permission dependencies between roles.

Managing Contract Users

User Role Assignment Interface

Adding Users to Roles

  1. Navigate to Permissions
    • Go to Contract → [Specific Contract] → Permission Management

  2. Authorize User
    • Click "Authorize User" next to the target role
    • Enter the user's email address in the dialog
    • Click "OK" to complete assignment

  3. Verification
    • User appears in the role member list
    • User gains role permissions immediately

Removing Users from Roles

  1. Access Role Management
    • Open Contract → [Specific Contract] → Permission Management

  2. Remove User
    • Click the red "×" icon next to the user's name
    • Confirm removal in the dialog box
    • Click "OK" to complete removal

  3. Effect
    • User loses role permissions immediately
    • Access to role-protected resources is revoked
