Runtime Security Authorization
See also: User Authentication, Security Menu
During the authentication process, roles, authorizations and credentials are associated with
the user. These can then be used to evaluate runtime security checks.
There are a number of possibilities:
Roles
can be used when they have been associated with the user during authentication.
Roles can be checked using Javascript SecurityManager.hasRole() or the FPL hasRole()
function. Click here for more details on
roles.
Authorizations
are similar to roles but provide more granularity than a simple hasRole check. An
authorization contains three fields: type,
name and function which are checked as a combination. Authorizations also
support masking, lists and ranges. Authorizations are checked using Javascript SecurityManager.isAuthorized() or the FPL isAuthorized()
function. Click here for more details on
authorizations.
When the Ebase
Security System is used to define users, authorizations can be configured as
a subset of roles. In other circumstances i.e. when the security model is
externalized in some way, authorizations are added by a Logon Service when the user signs on.
The following authorization checks are built into the
Verj.io system and require corresponding
authorizations:
Additional
application authorizations can be added as required and then checks can be
issued as required by applications.
Credentials
are similar to roles except that they have a value e.g. department=Finance. Credentials can be used when they have been
associated with the user during authentication e.g. they might be read from
Active Directory. A security check can be achieved against a credential using Javascript SecurityManager.checkCredentialValue() or FPL hasCredential()
function e.g. hasCredential(‘department’, ‘finance’)
or. A credential value can be read using Javascript SecurityManager.getCredential() or the FPL getCredential()
function.