Design (micro)service access control/authorization framework

[RichDom2185]

Background

Being an extension to the existing backend, stories should be able to inter-operate with it, leveraging existing access control (AC) frameworks to grant/deny access to resources.

However, being a multi-tenant system, a standalone AC system that is able to operate independently of any backend might also be desirable.

Requirements

• (MVP - minimal) Implement basic (standalone) access control
• (MVP - extension) Support interoperability with existing backend's AC systems for simple grant/deny permissions check
• (MVP - extension) Import users data and permissions from main backend
• (MVP - extension) Auto-pull/update users data and permissions from main backend
• (Extension) Support more granular permissions control such as accessing specific types of resources/groups of the same type of resource
• (Extension) Support more user roles such as those defined in Design multitenancy implementation #15
• (Extension) Support interoperability of users' data with other services/main backend