
Abstract

Identity and Access Management (IAM)

Here is a short explanation of how we manage Users and their Permissions in the Finmars Platform.

Precondition: read the IAM Keywords explanations.

When a User joins a Space, a Member record is created, and all rules and policies are applied to that Member.

By default a Member has no Roles, Groups or Access Policies, which means that by default a Member has no access to anything.

If a Member has the Admin flag (is_admin=True), they have access to everything: the IAM Engine Access Policies are ignored.

How does it all work?

Finmars is a Platform with a REST API interface that works over the HTTP protocol (you can read more about HTTP, REST APIs and Requests in public sources).

When a User opens a Browser and logs in to Finmars, the Finmars Frontend App starts making Requests.

Each Request addresses some Endpoint, e.g. api/v1/portfolios/portfolio
 
When Finmars receives an incoming request, the server basically gets (in simple terms):

member: user_a,
method: GET,
endpoint: api/v1/portfolios/portfolio
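
A sketch of the decision that the default-deny and Admin-flag rules above imply for such a request, added here as an example and not Finmars code. The Policy shape (HTTP methods plus an endpoint prefix), the way Roles and Groups carry policies, and all names and sample members are assumptions.

```python
from dataclasses import dataclass, field

def _segments(path):
    return [s for s in path.strip("/").split("/") if s]

@dataclass(frozen=True)
class Policy:
    # Assumed shape: a set of HTTP methods allowed under an endpoint prefix.
    methods: frozenset
    endpoint_prefix: str

    def allows(self, method, endpoint):
        want, got = _segments(self.endpoint_prefix), _segments(endpoint)
        # Compare whole path segments so "portfolios" never matches "portfolios-archive".
        return method in self.methods and got[:len(want)] == want

@dataclass
class Member:
    username: str
    is_admin: bool = False
    policies: list = field(default_factory=list)  # attached directly
    roles: dict = field(default_factory=dict)     # role name -> [Policy] (assumed)
    groups: dict = field(default_factory=dict)    # group name -> [Policy] (assumed)

def effective_policies(member):
    yield from member.policies
    for source in (member.roles, member.groups):
        for attached in source.values():
            yield from attached

def decide(member, method, endpoint):
    """Return (allowed, reason); the reason is what an audit log should record."""
    if member.is_admin:
        return True, "admin-bypass"  # policies are not evaluated at all
    if any(p.allows(method, endpoint) for p in effective_policies(member)):
        return True, "policy"
    return False, "default-deny"     # no Roles, Groups or Policies: no access

def admin_bypass_members(members):
    # Audit helper: these accounts sit outside policy control and deserve review.
    return sorted(m.username for m in members if m.is_admin)

# Constructed sample data (not real Finmars members or policies).
READ_PORTFOLIOS = Policy(frozenset({"GET"}), "api/v1/portfolios")
user_a = Member("user_a")
user_b = Member("user_b", roles={"viewer": [READ_PORTFOLIOS]})
user_c = Member("user_c", is_admin=True)

if __name__ == "__main__":
    for m in (user_a, user_b, user_c):
        print(m.username, decide(m, "GET", "api/v1/portfolios/portfolio"))
```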

What happens next?