...
The central entity is the user which, by assumption, owns resources he grants access to. A client can then define reliable clients and administrate there grant as well as bearer (access) tokens. This workflow however is not defined by the above database schema nor oAuth2. Flarecast do not provide corresponding functionalities for managing users at the moment, so each user has to be manually added to the database. Furthermore, a fine-grained user management system may add some user roles which could then be mapped to specific scopes. An example may look likeis given by the following table:
| User Role | Resource Scope | Example |
|---|---|---|
| Reader | read | Access to protected routes for querying configurations of prediction algorithms. |
| Writer | write | Access to protected routes for adding prediction data to existing predictions. |
| Moderator | read, write | Full (read and write) access to the prediction service. |
| Administrator | read, write, execute | Full access to the workflow management service, including protected routes for running and stopping Docker containers. |