Authentication and authorization overview

This document provides a high-level overview of authentication and authorization principles in Balyze.

It intentionally avoids implementation details and focuses on security boundaries and responsibilities.


Authentication

Balyze uses a standard email and password authentication mechanism.

At the current ALPHA stage:

  • authentication is required for all domain interactions
  • each user operates within their own isolated data scope
  • authentication concerns are handled independently of domain rules

User identity is established before any domain or authorization logic is applied.


Authorization principles

Authorization in Balyze follows a clear separation of concerns:

  • authentication confirms who the user is
  • authorization defines what the user may access or modify

Authorization rules are enforced consistently and explicitly: access that no rule grants is denied.


Ownership-based access

All domain entities are owned by a user.

As a general rule:

  • a user may only access their own data
  • ownership is enforced through policies
  • ownership rules are independent of business logic

This prevents cross-user data leakage by default.


Roles and elevated access

Balyze supports role-based access control.

At this stage:

  • regular users operate as candidates
  • administrative access exists for maintenance and supervision
  • administrators may bypass ownership constraints when required

Elevated access is explicit and intentionally limited.


Enforcement strategy

Security rules are enforced at multiple levels:

  • middleware rejects unauthenticated requests before any policy or domain logic runs
  • policies enforce ownership and permissions
  • domain services enforce business rules

Security concerns are not embedded directly into domain logic.
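The three layers above (middleware, policies, domain services), together with the ownership and role rules from the previous sections, as an added example. This is not Balyze's code: the `Application` entity, the action names, the in-memory `SESSIONS` store standing in for the email/password backend, and the `outcome` helper are all constructed for the illustration. What it shows is the ordering the page prescribes: identity is established first, the policy decides from ownership and role with deny as the fallback, the administrator bypass is an explicit, bounded list rather than an unconditional allow, and the domain service sees only requests that have already passed both earlier layers.

```python
"""Illustrative three-layer enforcement pipeline (not Balyze's code).

The entity, role names, session store and action names are constructed
for this example.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Unauthenticated(Exception):
    """Raised by the middleware layer when no identity can be established."""


class Forbidden(Exception):
    """Raised by the policy layer when an authenticated user lacks access."""


class Role(str, Enum):
    CANDIDATE = "candidate"
    ADMIN = "admin"


@dataclass(frozen=True)
class User:
    id: int
    role: Role


@dataclass
class Application:
    """Hypothetical owned domain entity; every instance has an owner."""
    id: int
    owner_id: int
    status: str = "draft"


# Constructed session store standing in for the real authentication backend.
SESSIONS = {
    "tok-alice": User(1, Role.CANDIDATE),
    "tok-bob": User(2, Role.CANDIDATE),
    "tok-ops": User(99, Role.ADMIN),
}


# Layer 1, middleware: establish identity before anything else runs.
def authenticate(session_token: Optional[str]) -> User:
    user = SESSIONS.get(session_token or "")
    if user is None:
        raise Unauthenticated("no valid session")
    return user


# Layer 2, policy: ownership and role checks, deny by default.
OWNER_ACTIONS = frozenset({"view", "update"})
ADMIN_ACTIONS = frozenset({"view", "update", "delete"})


def authorize(user: User, action: str, entity: Application) -> bool:
    if user.role is Role.ADMIN:
        # Explicit, bounded bypass of ownership: only the listed actions.
        return action in ADMIN_ACTIONS
    if entity.owner_id == user.id and action in OWNER_ACTIONS:
        return True
    return False  # not the owner, or an action that no rule grants


# Layer 3, domain service: business rules only, no identity or role checks.
def submit(entity: Application) -> Application:
    if entity.status != "draft":
        raise ValueError("only draft applications can be submitted")
    entity.status = "submitted"
    return entity


def handle_submit(session_token: Optional[str], entity: Application) -> Application:
    """Request path: middleware, then policy, then domain service."""
    user = authenticate(session_token)
    if not authorize(user, "update", entity):
        raise Forbidden(f"user {user.id} may not update application {entity.id}")
    return submit(entity)


def outcome(session_token: Optional[str], entity: Application) -> str:
    """Run one request and report which layer decided it (or the new status)."""
    try:
        return handle_submit(session_token, entity).status
    except Unauthenticated:
        return "unauthenticated"
    except Forbidden:
        return "forbidden"
    except ValueError:
        return "business-rule"


if __name__ == "__main__":
    app = Application(id=7, owner_id=1)
    print(outcome(None, app))         # unauthenticated
    print(outcome("tok-bob", app))    # forbidden
    print(outcome("tok-alice", app))  # submitted
    print(outcome("tok-alice", app))  # business-rule (already submitted)
```

The fourth call is the point of the layering: once alice has submitted, her second request still passes the middleware and the policy (she is authenticated and owns the entity) and is refused only by the domain service, for a business reason. Conversely, an administrator asking for an action outside `ADMIN_ACTIONS` is denied by the policy even though the role is elevated, which is what "explicit and intentionally limited" means in practice.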


Out of scope considerations

The following aspects are intentionally deferred:

  • email verification workflows
  • advanced permission granularity
  • external identity providers
  • audit logging and security analytics

These concerns will be revisited as the product matures.


Guiding principles

  • deny by default
  • explicit access rules
  • no implicit trust between layers
  • clarity over flexibility