Skip to main content

Security & RBAC

This page documents implemented security surfaces in gateway/controller/storage paths for v1.0.

Authentication Surfaces (Gateway)

Gateway auth modules include:

SCRAM (scram, scram_sha1)
X.509 mapping (x509)
OIDC/JWT managers (oidc, jwt)
LDAP authenticator (ldap)
Account lockout and password policy

Code anchors:

services/gateway/src/auth/
services/gateway/src/proxy/handler/auth.rs

Authorization

Gateway enforces role/permission checks before routing sensitive commands (write/admin/index/user-management paths).

Security-Relevant Command Surface

User management: createUser, dropUser, updateUser, usersInfo
Role management: createRole, dropRole, updateRole, rolesInfo
Role grants: grantRolesToUser, revokeRolesFromUser

Transport and Runtime Security

TLS settings are available in gateway config/defaults.
Inter-service auth context signing/verification is implemented in runtime services.
Audit event paths exist in gateway/storage audit modules.

Operational Recommendations

Enforce TLS for external endpoints in production.
Restrict network exposure of internal gRPC ports.
Use least-privilege roles for service and user accounts.
Include security scans in release gates (make security-scan).

Authentication Surfaces (Gateway)
Authorization
Security-Relevant Command Surface
Transport and Runtime Security
Operational Recommendations