|
|
@@ -1,4 +1,4 @@
|
|
|
-[Back to Specifications](README.md)
|
|
|
+[Back to Specifications](readme.md)
|
|
|
|
|
|
# VestaCP Access Control and Ownership
|
|
|
VestaCP is built on the concept of federated access control and ownership for users. The hierarchy of ownership is as follows:
|
|
|
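Review bot: The link target on the first line changes from `README.md` to `readme.md`, but nothing visible in this diff renames the file itself. On a case-sensitive filesystem or host the link only resolves if the target really is named `readme.md`, so please confirm the rename is part of the same change. The new `../api/readme.md` link in the API section uses the same lowercase convention, so check that one too.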
@@ -15,3 +15,31 @@ VestaCP uses a federated authentication model. Users can authenticate using thei
|
|
|
|
|
|
*Note: Additional authentication such as SSO, SAML, and OAuth will be part of the roadmap for VestaCP.*
|
|
|
|
|
|
+## Data Model
|
|
|
+The authentication data model relies on a primary email address as the unique identifier for users. The data model includes the following fields:
|
|
|
+- Email (primary key)
|
|
|
+- First Name
|
|
|
+- Last Name
|
|
|
+- Password (hashed)
|
|
|
+- Two-factor authentication (enabled/disabled)
|
|
|
+- Two-factor authentication secret
|
|
|
+- Role (admin, organization owner, team owner, user)
|
|
|
+- Organisations (array of organization IDs)
|
|
|
+- Teams (array of team IDs)
|
|
|
+- Created on
|
|
|
+- Updated on
|
|
|
+
|
|
|
+## Functionality
|
|
|
+The following functionality is available in VestaCP:
|
|
|
+- Create and manage users
|
|
|
+- Create and manage organizations
|
|
|
+- Create and manage teams
|
|
|
+- Assign users to organizations and teams
|
|
|
+- Assign roles to users
|
|
|
+- Enable two-factor authentication for users
|
|
|
+- Disable two-factor authentication for users
|
|
|
+- Send password reset emails
|
|
|
+- Reset passwords
|
|
|
+
|
|
|
+## API
|
|
|
+Please see the API documentation for more information on how to interact with the VestaCP authentication API at [API Documentation](../api/readme.md).
|
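Review bot: In the Data Model list, only `Password (hashed)` carries a storage requirement, while `Two-factor authentication secret` is listed with none. If that secret is a shared secret the server must read back to verify codes, it cannot be hashed, so the spec should say how it is protected at rest (for example, encrypted with a key held outside the user table) and who may read it. It would also help to name the password hashing scheme rather than just "hashed". The single `Role` field sits next to arrays of organization and team IDs, so "organization owner" and "team owner" do not say which organization or team the role applies to; consider scoping the role per membership. The Functionality section lists disabling two-factor authentication and resetting passwords without stating which roles may perform them on another user, which is worth specifying here since both weaken an account's protection. Minor: `Organisations` and `organization` are spelled differently within the same list.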