Runtime Security Authorization

 

 

Documentation home

 

See also: User Authentication, Security Menu

 

During the authentication process, roles, authorizations and credentials are associated with the user. These can then be used to evaluate runtime security checks.

 

There are a number of possibilities:

 

Roles

Roles can be used when they have been associated with the user during authentication. Roles can be checked using Javascript SecurityManager.hasRole() or the FPL hasRole() function. Click here for more details on roles.

 

Authorizations

Authorizations are similar to roles but provide more granularity than a simple hasRole check. An authorization contains three fields: type, name and function which are checked as a combination. Authorizations also support masking, lists and ranges. Authorizations are checked using Javascript SecurityManager.isAuthorized() or the FPL isAuthorized() function. Click here for more details on authorizations.

 

When the Ebase Security System is used to define users, authorizations can be configured as a subset of roles. In other circumstances i.e. when the security model is externalized in some way, authorizations are added by a Logon Service when the user signs on.

 

The following authorization checks are built into the Verj.io system and require corresponding authorizations:

 

·         Form Execution

·         Workflow Client access

 

Additional application authorizations can be added as required and then checks can be issued as required by applications.

 

Credentials

Credentials are similar to roles except that they have a value e.g. department=Finance. Credentials can be used when they have been associated with the user during authentication e.g. they might be read from Active Directory. A security check can be achieved against a credential using Javascript SecurityManager.checkCredentialValue() or FPL hasCredential() function e.g. hasCredential(‘department’, ‘finance’) or. A credential value can be read using Javascript SecurityManager.getCredential() or the FPL getCredential() function.