diff --git a/docs/specifications/access_control_and_ownership.md b/docs/specifications/access_control_and_ownership.md index b920a4fcb..50dc8adc4 100644 --- a/docs/specifications/access_control_and_ownership.md +++ b/docs/specifications/access_control_and_ownership.md @@ -1,4 +1,4 @@ -[Back to Specifications](README.md) +[Back to Specifications](readme.md) # VestaCP Access Control and Ownership VestaCP is built on the concept of federated access control and ownership for users. The hierarchy of ownership is as follows: @@ -15,3 +15,31 @@ VestaCP uses a federated authentication model. Users can authenticate using thei *Note: Additional authentication such as SSO, SAML, and OAuth will be part of the roadmap for VestaCP.* +## Data Model +The authentication data model relies on a primary email address as the unique identifier for users. The data model includes the following fields: +- Email (primary key) +- First Name +- Last Name +- Password (hashed) +- Two-factor authentication (enabled/disabled) +- Two-factor authentication secret +- Role (admin, organization owner, team owner, user) +- Organisations (array of organization IDs) +- Teams (array of team IDs) +- Created on +- Updated on + +## Functionality +The following functionality is available in VestaCP: +- Create and manage users +- Create and manage organizations +- Create and manage teams +- Assign users to organizations and teams +- Assign roles to users +- Enable two-factor authentication for users +- Disable two-factor authentication for users +- Send password reset emails +- Reset passwords + +## API +Please see the API documentation for more information on how to interact with the VestaCP authentication API at [API Documentation](../api/readme.md).
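Review bot: The first hunk changes the link target from `README.md` to `readme.md`, which only resolves if the file itself was renamed in the same change; on a case-sensitive filesystem (Linux, where these docs and VestaCP are typically served) the old name and the new name are different files, so confirm the rename is part of this patch and that the new `[API Documentation](../api/readme.md)` link in the second hunk points at an existing lowercase file as well.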
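Review bot: In the Data Model hunk, `- Password (hashed)` states how the password is stored, but `- Two-factor authentication secret` says nothing about its protection at rest; a TOTP secret cannot be hashed because it must be recoverable for verification, so the spec should state it is stored encrypted (and with what key management), and `Password (hashed)` should name the intended algorithm and parameters so implementers do not pick a fast hash. The Functionality hunk lists `- Send password reset emails` and `- Reset passwords`, yet no field in the model holds a reset token or its expiry, so either add those fields or state where reset state lives and how long it is valid. Minor: `- Organisations (array of organization IDs)` mixes British and American spelling within one line; pick one (the rest of the document uses "organization").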