Skip to main content

Admin Access Control

Security Requirement Statement​

Access to admin-only routes must be restricted via role-based access control.

Control Classification​

  • Timing Control Category: Preventive
  • Nature Control Category: Technical
  • Status: Identified
  • Date Identified: 2025-10-29
  • Date First Implemented: TBD
  • Date Last Reviewed: 2025-10-29
  • Date Retired: N/A

Implementation Approach​

ShareThrift implements admin access control through a multi-layered authorization system combining role-based permissions, domain-driven authorization, and GraphQL resolver-level security controls.

Compensating Controls​

  1. JWT Authentication: All admin operations require valid JWT tokens validated through Azure AD B2C
  2. Domain Permissions: Fine-grained permission checking at the domain layer via Passport/Visa pattern
  3. UI Route Protection: Admin dashboard routes are conditionally rendered based on user permissions
  4. GraphQL Context Authorization: Request-level context includes user verification and permission evaluation

Context and Problem Statement​

ShareThrift requires robust admin access control to protect administrative operations including user blocking/unblocking, listing moderation, and platform management. The platform needs to ensure that only authorized staff members can access admin functionality while maintaining proper audit trails and security boundaries.

Business Requirements Addressed:​

  • Admin Dashboard Access: Restricted to admin accounts only via AdminDashboard component protection
  • User Moderation: Block/unblock users through role-based permissions (canBlockUsers, canUnblockUsers)
  • Listing Management: Admin-only listing moderation capabilities (canBlockListings, canRemoveListings)
  • Report Access: Admin view of user and listing reports (canViewUserReports, canViewListingReports)

Success Criteria​

Implemented Security Controls:​

  1. Multi-Factor Authentication: JWT token validation integrated with Azure AD B2C identity provider
  2. Role-Based Authorization: Comprehensive domain permission framework with granular admin capabilities
  3. Architectural Security: Passport/Visa pattern ensures clean separation of authorization concerns
  4. UI Security Boundaries: Admin interface components implement proper access control validation
  5. Type-Safe Operations: Strongly-typed API contracts prevent parameter manipulation attacks
  6. Request Context Security: Authenticated request processing with user verification pipeline

Security Enforcement Layers:​

  1. Authentication Layer: Valid JWT tokens required for all administrative operations
  2. Authorization Layer: Domain-specific permissions validated before operation execution
  3. UI Protection Layer: Admin dashboard access restricted based on user role verification
  4. Data Access Layer: Repository-level access controls ensure data boundary enforcement

Compliance Achievements:​

  • Principle of Least Privilege: Users granted minimum necessary permissions for their role
  • Defense in Depth: Multiple security layers prevent single point of failure
  • Audit Readiness: Administrative operations include comprehensive logging capabilities
  • Secure by Default: System denies access unless explicitly authorized

Operational Security Features:​

  • Session Management: Secure token handling with appropriate expiration policies
  • Permission Granularity: Fine-grained control over individual administrative capabilities
  • Error Handling: Security-conscious error responses prevent information disclosure
  • Access Monitoring: Administrative action tracking for security oversight