docs: Expand architecture documentation for IAM Service with new aggregates and event types

- Added detailed sections for Organization, Group, Access Request, Access Review, and Audit & Compliance aggregates in both English and Vietnamese.
- Included class diagrams and enumerations to enhance understanding of the new structures and their relationships.
- Updated the AuditEventType table to reflect 18 event types, improving clarity on event handling within the IAM Service.
This commit is contained in:
Ho Ngoc Hai
2026-01-14 19:31:41 +07:00
parent 8e87ddd4ea
commit 79bc566b73
2 changed files with 348 additions and 0 deletions

View File

@@ -225,6 +225,180 @@ erDiagram
AspNetRoles ||--o{ AspNetUserRoles : has
```
### Phase 2: Organization & Group Aggregates
```mermaid
classDiagram
class Organization {
+Guid Id
+string Name
+string Slug
+Guid? ParentId
+OrganizationStatus Status
+Create()
+Update()
+Archive()
}
class Group {
+Guid Id
+Guid OrganizationId
+string Name
+string Description
+AddMember()
+RemoveMember()
}
class GroupMember {
+Guid GroupId
+Guid UserId
+GroupRole Role
+DateTime JoinedAt
}
Organization "1" --> "*" Group : contains
Group "1" --> "*" GroupMember : has
```
### Phase 3A: Access Request Aggregate
```mermaid
classDiagram
class AccessRequest {
+Guid Id
+Guid RequesterId
+string ResourceType
+Guid ResourceId
+string RequestedPermission
+AccessRequestStatus Status
+AccessRequestPriority Priority
+DateTime DueDate
+Submit()
+Approve()
+Reject()
+Cancel()
}
class AccessRequestApprover {
+Guid RequestId
+Guid UserId
+int ApprovalOrder
+ApproverStatus Status
+string Comments
+Approve()
+Reject()
}
class AccessRequestStatus {
<<enumeration>>
+Draft
+Pending
+Approved
+Rejected
+Cancelled
+Expired
}
AccessRequest "1" --> "*" AccessRequestApprover : has
AccessRequest --> AccessRequestStatus : has
```
### Phase 3B: Access Review & PAM Aggregates
```mermaid
classDiagram
class AccessReview {
+Guid Id
+string Name
+Guid OwnerId
+string Scope
+AccessReviewStatus Status
+DateTime DueDate
+Start()
+Complete()
+Cancel()
}
class AccessReviewItem {
+Guid Id
+Guid UserId
+string ResourceType
+Guid ResourceId
+ReviewDecision Decision
+Certify()
+Revoke()
}
class PrivilegedAccessGrant {
+Guid Id
+Guid UserId
+Guid RoleId
+string ResourceScope
+PrivilegedAccessStatus Status
+DateTime StartsAt
+DateTime ExpiresAt
+Activate()
+Revoke()
+Extend()
}
AccessReview "1" --> "*" AccessReviewItem : contains
```
### Phase 4A: Audit & Compliance Aggregates
```mermaid
classDiagram
class AuditLog {
+Guid Id
+AuditEventType EventType
+Guid? ActorId
+string ResourceType
+Guid? ResourceId
+string Action
+bool Success
+DateTime Timestamp
+LoginEvent()
+AccessGrantedEvent()
}
class ComplianceReport {
+Guid Id
+string Name
+ComplianceReportType ReportType
+ComplianceReportStatus Status
+int TotalChecks
+int PassedChecks
+double CompliancePercentage
+StartGenerating()
+Complete()
+Fail()
}
class ComplianceViolation {
+Guid Id
+string Rule
+ViolationSeverity Severity
+string Description
+bool Resolved
+Resolve()
}
ComplianceReport "1" --> "*" ComplianceViolation : has
```
### AuditEventType (18 Event Types)
| Category | Event Types |
|----------|-------------|
| **Authentication** | Login, Logout, LoginFailed, PasswordChanged, TwoFactorEnabled/Disabled |
| **User Management** | UserCreated, UserUpdated, UserDeleted, UserLocked/Unlocked |
| **Access Control** | AccessRequested, AccessGranted, AccessRevoked, AccessDenied, PrivilegedAccessGranted/Revoked |
| **Organization** | OrganizationCreated/Updated, GroupMemberAdded/Removed |
| **Policy** | PolicyCreated, PolicyActivated, PolicyDeactivated |
| **Compliance** | ComplianceReportGenerated, ViolationDetected, ViolationResolved |
## CQRS Pipeline
```mermaid
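Review bot: The heading `### AuditEventType (18 Event Types)` does not match the table under it. Expanding the slash pairs (TwoFactorEnabled/Disabled, UserLocked/Unlocked, PrivilegedAccessGranted/Revoked, OrganizationCreated/Updated, GroupMemberAdded/Removed) gives 27 names, and counting each slash pair as a single entry gives 22; neither is 18, so either the heading or the table needs correcting, and listing every enum member individually instead of as a slash pair would remove the ambiguity. Two smaller documentation gaps in the same hunk: in the Phase 3A diagram both AccessRequest and AccessRequestApprover expose `Approve()` / `Reject()` and the approver carries an `ApprovalOrder`, but nothing says whether approvals run sequentially in that order or whether every approver must approve before the request moves to `Approved`; and in Phase 3B, `PrivilegedAccessGrant` appears with no relationship line, so its connection to AccessReview (or to the user and role it grants) is left to the reader. A one-line note in Phase 4A that AuditLog entries are append-only would also help, since the diagram shows only event-creating operations (`LoginEvent()`, `AccessGrantedEvent()`) and no update or delete, which is the shape an audit trail should have.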

View File

@@ -225,6 +225,180 @@ erDiagram
AspNetRoles ||--o{ AspNetUserRoles : có
```
### Phase 2: Organization & Group Aggregates
```mermaid
classDiagram
class Organization {
+Guid Id
+string Name
+string Slug
+Guid? ParentId
+OrganizationStatus Status
+Create()
+Update()
+Archive()
}
class Group {
+Guid Id
+Guid OrganizationId
+string Name
+string Description
+AddMember()
+RemoveMember()
}
class GroupMember {
+Guid GroupId
+Guid UserId
+GroupRole Role
+DateTime JoinedAt
}
Organization "1" --> "*" Group : contains
Group "1" --> "*" GroupMember : has
```
### Phase 3A: Access Request Aggregate
```mermaid
classDiagram
class AccessRequest {
+Guid Id
+Guid RequesterId
+string ResourceType
+Guid ResourceId
+string RequestedPermission
+AccessRequestStatus Status
+AccessRequestPriority Priority
+DateTime DueDate
+Submit()
+Approve()
+Reject()
+Cancel()
}
class AccessRequestApprover {
+Guid RequestId
+Guid UserId
+int ApprovalOrder
+ApproverStatus Status
+string Comments
+Approve()
+Reject()
}
class AccessRequestStatus {
<<enumeration>>
+Draft
+Pending
+Approved
+Rejected
+Cancelled
+Expired
}
AccessRequest "1" --> "*" AccessRequestApprover : has
AccessRequest --> AccessRequestStatus : has
```
### Phase 3B: Access Review & PAM Aggregates
```mermaid
classDiagram
class AccessReview {
+Guid Id
+string Name
+Guid OwnerId
+string Scope
+AccessReviewStatus Status
+DateTime DueDate
+Start()
+Complete()
+Cancel()
}
class AccessReviewItem {
+Guid Id
+Guid UserId
+string ResourceType
+Guid ResourceId
+ReviewDecision Decision
+Certify()
+Revoke()
}
class PrivilegedAccessGrant {
+Guid Id
+Guid UserId
+Guid RoleId
+string ResourceScope
+PrivilegedAccessStatus Status
+DateTime StartsAt
+DateTime ExpiresAt
+Activate()
+Revoke()
+Extend()
}
AccessReview "1" --> "*" AccessReviewItem : contains
```
### Phase 4A: Audit & Compliance Aggregates
```mermaid
classDiagram
class AuditLog {
+Guid Id
+AuditEventType EventType
+Guid? ActorId
+string ResourceType
+Guid? ResourceId
+string Action
+bool Success
+DateTime Timestamp
+LoginEvent()
+AccessGrantedEvent()
}
class ComplianceReport {
+Guid Id
+string Name
+ComplianceReportType ReportType
+ComplianceReportStatus Status
+int TotalChecks
+int PassedChecks
+double CompliancePercentage
+StartGenerating()
+Complete()
+Fail()
}
class ComplianceViolation {
+Guid Id
+string Rule
+ViolationSeverity Severity
+string Description
+bool Resolved
+Resolve()
}
ComplianceReport "1" --> "*" ComplianceViolation : has
```
### AuditEventType (18 Event Types)
| Category | Event Types |
|----------|-------------|
| **Authentication** | Login, Logout, LoginFailed, PasswordChanged, TwoFactorEnabled/Disabled |
| **User Management** | UserCreated, UserUpdated, UserDeleted, UserLocked/Unlocked |
| **Access Control** | AccessRequested, AccessGranted, AccessRevoked, AccessDenied, PrivilegedAccessGranted/Revoked |
| **Organization** | OrganizationCreated/Updated, GroupMemberAdded/Removed |
| **Policy** | PolicyCreated, PolicyActivated, PolicyDeactivated |
| **Compliance** | ComplianceReportGenerated, ViolationDetected, ViolationResolved |
## CQRS Pipeline
```mermaid
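Review bot: This hunk lands in the Vietnamese document (the surrounding context line reads `AspNetRoles ||--o{ AspNetUserRoles : có`), yet every added heading, the table header (`| Category | Event Types |`), the table's category names and the relationship labels (`contains`, `has`) are in English, so the new sections are a verbatim copy of the English file rather than a translation; the prose parts should be translated to match the rest of this file, keeping the class, attribute and enum identifiers unchanged. The count mismatch from the English file is carried over as well: the heading says 18 event types while the table lists 27 names once the slash pairs are expanded (22 if each pair counts once), so whichever fix is applied to the English file should be mirrored here.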