[Security] Manage access for different entities

[abhishekshree]

Currently, the main concern about making the user database and limiting access to ACs has been because of the lack of trust to keep the available data in house and not pass it on to campus community when not required.

An instance could be as small looking as sharing the list of resumes from the past intern drive to the current drive when no one is supposed to do that until it has been discussed. With the flexibility to manage roles, there can be a misuse of the escalated privileges (i.e. escalating the privilege of an AC would come with a risk that, a lot of data can be compromised since it will be readily accessible).

We need to come up with a solution to either:

1. Make some security enhancements (passwords?) on how we let users access the downloaded CSVs/PDFs.
2. Come up with a strategy to mark each download with the signature (digital) of the downloader.

This might not be that straightforward but in my opinion, needs to be present to make RAS a self-accountable platform.

---

Feel free to drop off some suggestions if you feel there can be a better approach to tackle this issue.