Security
Security in Contendo Server is built around users, authentication, groups, and access control. These components work together to ensure that only authorized users can perform operations with Contendo Server and have controlled access to stored resources.
Security Components Overview
| Name | Description |
|---|---|
| Users | Defines user management, authentication methods, and user-related operations. |
| Groups | Describes how groups are used for access control and user organization. |
| Access Control | Explains how permissions are granted and enforced using ACLs. |
Users and Authentication
Every operation in Contendo Server must be performed by an authenticated user. Users can authenticate using either Basic Authentication or an API key. Additional authentication mechanisms will be introduced in the future.
Users are managed within domains and must belong to appropriate groups to be granted permissions.
Groups
Groups in Contendo Server provide a way to organize users and manage permissions efficiently. Users can be assigned to multiple groups, which helps structure permissions flexibly.
The system groups super, admin, and user, as well as repository_<repository_id>, have predefined meanings and access levels.
Custom groups can be created to represent roles, members of an organization, or users with specific access needs.
Access Control
Access control in Contendo Server is managed through Access Control Lists (ACLs). An ACL is assigned to an object and contains Access Control Entries (ACEs). Each ACE defines a principal (user or group) and the associated permissions (read, write). Users and groups gain permissions based on the ACEs assigned to an object.
Because permissions are associated with objects, rather than users directly, access control remains scalable and flexible. Groups play a critical role in this model, allowing permissions to be assigned at a broader level rather than managing each user individually.
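The following is an added illustration of the ACL model described above, not code from Contendo Server itself. It assumes that ACEs only grant (there are no deny entries) and that a user's effective permissions on an object are the union of every ACE naming the user or any group the user belongs to; the group names, user names and repository id are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed model of the ACL scheme: an ACL is attached to an object and holds
# ACEs; each ACE names a principal (user or group) and grants a subset of
# {"read", "write"}. Assumption: grants only, no deny entries.

@dataclass(frozen=True)
class ACE:
    principal: str          # user name or group name
    permissions: frozenset  # subset of {"read", "write"}

@dataclass
class ACL:
    entries: list = field(default_factory=list)

def effective_permissions(user: str, groups: dict, acl: ACL) -> frozenset:
    """Union of permissions from every ACE whose principal is the user
    or one of the groups the user is a member of."""
    principals = {user} | {g for g, members in groups.items() if user in members}
    granted = set()
    for ace in acl.entries:
        if ace.principal in principals:
            granted |= ace.permissions
    return frozenset(granted)

def is_allowed(user: str, groups: dict, acl: ACL, permission: str) -> bool:
    return permission in effective_permissions(user, groups, acl)

# Constructed sample data: group -> members; "repository_docs" stands in for a
# repository_<repository_id> system group with a made-up repository id.
GROUPS = {
    "admin": {"alice"},
    "repository_docs": {"alice", "bob"},
    "auditors": {"carol"},
}
DOC_ACL = ACL([
    ACE("repository_docs", frozenset({"read"})),
    ACE("admin", frozenset({"read", "write"})),
    ACE("carol", frozenset({"read"})),
])

if __name__ == "__main__":
    for u in ("alice", "bob", "carol", "dave"):
        print(u, sorted(effective_permissions(u, GROUPS, DOC_ACL)))
```

Note that dave, who is in no group and named by no ACE, ends up with no permissions, and bob gains read only through the repository group.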