diff --git a/services/iam-service-net/docs/en/ARCHITECTURE.md b/services/iam-service-net/docs/en/ARCHITECTURE.md index d83445e2..7f7c2317 100644 --- a/services/iam-service-net/docs/en/ARCHITECTURE.md +++ b/services/iam-service-net/docs/en/ARCHITECTURE.md @@ -225,6 +225,180 @@ erDiagram AspNetRoles ||--o{ AspNetUserRoles : has ``` +### Phase 2: Organization & Group Aggregates + +```mermaid +classDiagram + class Organization { + +Guid Id + +string Name + +string Slug + +Guid? ParentId + +OrganizationStatus Status + +Create() + +Update() + +Archive() + } + + class Group { + +Guid Id + +Guid OrganizationId + +string Name + +string Description + +AddMember() + +RemoveMember() + } + + class GroupMember { + +Guid GroupId + +Guid UserId + +GroupRole Role + +DateTime JoinedAt + } + + Organization "1" --> "*" Group : contains + Group "1" --> "*" GroupMember : has +``` + +### Phase 3A: Access Request Aggregate + +```mermaid +classDiagram + class AccessRequest { + +Guid Id + +Guid RequesterId + +string ResourceType + +Guid ResourceId + +string RequestedPermission + +AccessRequestStatus Status + +AccessRequestPriority Priority + +DateTime DueDate + +Submit() + +Approve() + +Reject() + +Cancel() + } + + class AccessRequestApprover { + +Guid RequestId + +Guid UserId + +int ApprovalOrder + +ApproverStatus Status + +string Comments + +Approve() + +Reject() + } + + class AccessRequestStatus { + <> + +Draft + +Pending + +Approved + +Rejected + +Cancelled + +Expired + } + + AccessRequest "1" --> "*" AccessRequestApprover : has + AccessRequest --> AccessRequestStatus : has +``` + +### Phase 3B: Access Review & PAM Aggregates + +```mermaid +classDiagram + class AccessReview { + +Guid Id + +string Name + +Guid OwnerId + +string Scope + +AccessReviewStatus Status + +DateTime DueDate + +Start() + +Complete() + +Cancel() + } + + class AccessReviewItem { + +Guid Id + +Guid UserId + +string ResourceType + +Guid ResourceId + +ReviewDecision Decision + +Certify() + +Revoke() + } + + class PrivilegedAccessGrant { + +Guid Id + +Guid UserId + +Guid RoleId + +string ResourceScope + +PrivilegedAccessStatus Status + +DateTime StartsAt + +DateTime ExpiresAt + +Activate() + +Revoke() + +Extend() + } + + AccessReview "1" --> "*" AccessReviewItem : contains +``` + +### Phase 4A: Audit & Compliance Aggregates + +```mermaid +classDiagram + class AuditLog { + +Guid Id + +AuditEventType EventType + +Guid? ActorId + +string ResourceType + +Guid? ResourceId + +string Action + +bool Success + +DateTime Timestamp + +LoginEvent() + +AccessGrantedEvent() + } + + class ComplianceReport { + +Guid Id + +string Name + +ComplianceReportType ReportType + +ComplianceReportStatus Status + +int TotalChecks + +int PassedChecks + +double CompliancePercentage + +StartGenerating() + +Complete() + +Fail() + } + + class ComplianceViolation { + +Guid Id + +string Rule + +ViolationSeverity Severity + +string Description + +bool Resolved + +Resolve() + } + + ComplianceReport "1" --> "*" ComplianceViolation : has +``` + +### AuditEventType (18 Event Types) + +| Category | Event Types | +|----------|-------------| +| **Authentication** | Login, Logout, LoginFailed, PasswordChanged, TwoFactorEnabled/Disabled | +| **User Management** | UserCreated, UserUpdated, UserDeleted, UserLocked/Unlocked | +| **Access Control** | AccessRequested, AccessGranted, AccessRevoked, AccessDenied, PrivilegedAccessGranted/Revoked | +| **Organization** | OrganizationCreated/Updated, GroupMemberAdded/Removed | +| **Policy** | PolicyCreated, PolicyActivated, PolicyDeactivated | +| **Compliance** | ComplianceReportGenerated, ViolationDetected, ViolationResolved | + + ## CQRS Pipeline ```mermaid diff --git a/services/iam-service-net/docs/vi/ARCHITECTURE.md b/services/iam-service-net/docs/vi/ARCHITECTURE.md index 773be8d7..f0de216e 100644 --- a/services/iam-service-net/docs/vi/ARCHITECTURE.md +++ b/services/iam-service-net/docs/vi/ARCHITECTURE.md @@ -225,6 +225,180 @@ erDiagram AspNetRoles ||--o{ AspNetUserRoles : có ``` +### Phase 2: Organization & Group Aggregates + +```mermaid +classDiagram + class Organization { + +Guid Id + +string Name + +string Slug + +Guid? ParentId + +OrganizationStatus Status + +Create() + +Update() + +Archive() + } + + class Group { + +Guid Id + +Guid OrganizationId + +string Name + +string Description + +AddMember() + +RemoveMember() + } + + class GroupMember { + +Guid GroupId + +Guid UserId + +GroupRole Role + +DateTime JoinedAt + } + + Organization "1" --> "*" Group : contains + Group "1" --> "*" GroupMember : has +``` + +### Phase 3A: Access Request Aggregate + +```mermaid +classDiagram + class AccessRequest { + +Guid Id + +Guid RequesterId + +string ResourceType + +Guid ResourceId + +string RequestedPermission + +AccessRequestStatus Status + +AccessRequestPriority Priority + +DateTime DueDate + +Submit() + +Approve() + +Reject() + +Cancel() + } + + class AccessRequestApprover { + +Guid RequestId + +Guid UserId + +int ApprovalOrder + +ApproverStatus Status + +string Comments + +Approve() + +Reject() + } + + class AccessRequestStatus { + <> + +Draft + +Pending + +Approved + +Rejected + +Cancelled + +Expired + } + + AccessRequest "1" --> "*" AccessRequestApprover : has + AccessRequest --> AccessRequestStatus : has +``` + +### Phase 3B: Access Review & PAM Aggregates + +```mermaid +classDiagram + class AccessReview { + +Guid Id + +string Name + +Guid OwnerId + +string Scope + +AccessReviewStatus Status + +DateTime DueDate + +Start() + +Complete() + +Cancel() + } + + class AccessReviewItem { + +Guid Id + +Guid UserId + +string ResourceType + +Guid ResourceId + +ReviewDecision Decision + +Certify() + +Revoke() + } + + class PrivilegedAccessGrant { + +Guid Id + +Guid UserId + +Guid RoleId + +string ResourceScope + +PrivilegedAccessStatus Status + +DateTime StartsAt + +DateTime ExpiresAt + +Activate() + +Revoke() + +Extend() + } + + AccessReview "1" --> "*" AccessReviewItem : contains +``` + +### Phase 4A: Audit & Compliance Aggregates + +```mermaid +classDiagram + class AuditLog { + +Guid Id + +AuditEventType EventType + +Guid? ActorId + +string ResourceType + +Guid? ResourceId + +string Action + +bool Success + +DateTime Timestamp + +LoginEvent() + +AccessGrantedEvent() + } + + class ComplianceReport { + +Guid Id + +string Name + +ComplianceReportType ReportType + +ComplianceReportStatus Status + +int TotalChecks + +int PassedChecks + +double CompliancePercentage + +StartGenerating() + +Complete() + +Fail() + } + + class ComplianceViolation { + +Guid Id + +string Rule + +ViolationSeverity Severity + +string Description + +bool Resolved + +Resolve() + } + + ComplianceReport "1" --> "*" ComplianceViolation : has +``` + +### AuditEventType (18 Event Types) + +| Category | Event Types | +|----------|-------------| +| **Authentication** | Login, Logout, LoginFailed, PasswordChanged, TwoFactorEnabled/Disabled | +| **User Management** | UserCreated, UserUpdated, UserDeleted, UserLocked/Unlocked | +| **Access Control** | AccessRequested, AccessGranted, AccessRevoked, AccessDenied, PrivilegedAccessGranted/Revoked | +| **Organization** | OrganizationCreated/Updated, GroupMemberAdded/Removed | +| **Policy** | PolicyCreated, PolicyActivated, PolicyDeactivated | +| **Compliance** | ComplianceReportGenerated, ViolationDetected, ViolationResolved | + + ## CQRS Pipeline ```mermaid