Varnish Controller

Authorization

Authorization covers what happens after authentication has taken place, that is, after a user has logged in. It controls which resources a user owns and is able to manage.

A user can be part of one or more organizations. For each organization, the user may have different permissions.

Resources

When a user creates a resource, it will be owned by the organization that the user is logged into. All users with read permissions for the specific resource type, in the organization, will be able to view the resource. The same applies to write permissions. If a user has write permission to the particular resource type, they may change the resource, even if they are not the original creator.

This means that all resources for an organization are available to all users in the organization. Whether a user may view or modify a resource is decided by the permission for the resource, which can be read or write. Write permissions automatically imply read permissions.

Nested Resources

If a user wants to create a new VCLGroup that references a resource of type Domain, the user requires write access to resource type VCLGroup and also read permission for Domain. The domain specified must also be owned by the organization.
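
The rules above can be modelled as a small decision function. This is an added example, not Varnish Controller code or its API: the `User`, `Resource`, `allowed`, `can_access` and `can_create_vclgroup` names, the grant layout and the sample data are all hypothetical.

```python
from dataclasses import dataclass, field

READ, WRITE = "read", "write"

@dataclass(frozen=True)
class Resource:
    rtype: str   # resource type, e.g. "VCLGroup" or "Domain"
    name: str
    org: str     # organization that owns the resource

@dataclass
class User:
    name: str
    # Hypothetical layout: organization -> resource type -> "read" or "write"
    grants: dict = field(default_factory=dict)

def allowed(user, org, rtype, needed):
    """True if the user's grant for `rtype` in `org` covers `needed`."""
    granted = user.grants.get(org, {}).get(rtype)
    if granted is None:
        return False  # no grant for this type in this organization
    return granted == WRITE or needed == READ  # write implies read

def can_access(user, session_org, resource, needed):
    """Existing resource: must be owned by the logged-in organization
    and the user must hold the needed permission for its type there."""
    return (resource.org == session_org
            and allowed(user, session_org, resource.rtype, needed))

def can_create_vclgroup(user, session_org, domain):
    """Nested resource: write on VCLGroup, read on Domain, and the
    referenced domain must be owned by the same organization."""
    return (allowed(user, session_org, "VCLGroup", WRITE)
            and allowed(user, session_org, "Domain", READ)
            and domain.org == session_org)

# Constructed sample data: one user with different permissions per organization.
alice = User("alice", {
    "acme":   {"VCLGroup": WRITE, "Domain": READ},
    "globex": {"Domain": WRITE},
})
acme_domain = Resource("Domain", "example.com", "acme")
globex_domain = Resource("Domain", "example.org", "globex")

if __name__ == "__main__":
    print(can_create_vclgroup(alice, "acme", acme_domain))    # own org's domain
    print(can_create_vclgroup(alice, "acme", globex_domain))  # other org's domain
    print(can_access(alice, "globex", globex_domain, READ))   # write implies read
```

The second call is the case worth testing in any implementation: the user holds write permission on Domain in the other organization, yet the reference is refused because the domain is not owned by the organization the user is logged into.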