Access Control

Overview

To offer security and access control in SIP3 was developed and implemented Role-based access control model. SIP3 supports OpenID Connect or SAML 2.0 Identity Providers like Keycloak.

Security Roles

There are 5 predefined roles in SIP3:

1 SIP3_UNAUTHORIZED
2 SIP3_VIEWER
3 SIP3_SUPPORT
4 SIP3_SUPERVISOR
5 SIP3_ADMIN

These roles can grant access for support users to search and view SIP sessions, enable Media Recording On Demand and deny access to setting up and editing the system. System administrators will also have access to configuration and management of SIP3 components, advanced Media Recording functionality, etc.

Access control matrix

Roles

Site

Action

Endpoint

Method

1

2

3

4

5

Attributes

View attributes

/api/attributes

*

X

X

X

Search

Session search

/api/search

*

X

X

X

Sessions

View session

/api/session/flow

*

X

X

X

X

/api/session/details

*

X

X

X

X

/api/session/media

*

X

X

X

X

Export to PCAP

/api/session/pcap

*

X

X

X

Stash session

/api/session/stash

*

X

X

X

Hosts

View hosts

/api/hosts

GET

X

X

X

/api/hosts/<name>

GET

X

X

X

Edit hosts

/api/hosts

POST
PUT
DELETE

X

X

Import hosts

/api/hosts/import

POST

X

Tasks

View task

/api/tasks/<id>

GET

X

X

X

Search task

/api/tasks/search

POST

X

X

X

Add task

/api/tasks/

POST

X

X

Cancel task

/api/tasks/<id>/cancel

PUT

X

X

Recordings

Add recording task

/api/tasks/recording/user/

POST

X

X

X

/api/tasks/recording/addr/

POST

X

X

X

/api/tasks/recording/host/

POST

X

X

X

/api/tasks/recording/filter

POST

X

X

Components

View

/api/management/components

GET

X

X

Reset recording-status

/api/management/components/recording-reset

*

X

Shutdown

/api/management/components/shutdown

*

X

Delete

/api/management/components

DELETE

X

Configuration

View

/api/management/configuration

GET

X

Edit

/api/management/configuration

POST
PUT

X

Delete

/api/management/configuration

DELETE

X

Customization

To be more flexible SIP3 Access control matrix is ready to be modified according to customer requirements. Standard roles can be changed, and new roles with a limited set of rights can be added.