Runtime Security Authorization
See also: Runtime authentication, Security Menu
During the authentication process, roles and credentials are associated with
the user. These can then be used to evaluate runtime security checks.
There are a number of possibilities:
Ebase Authorizations can be used when Ebase Roles
have been associated with the user during authentication. Ebase Authorizations are
defined inside Ebase Roles and can be checked using the FPL isAuthorized() function or the API SecurityManager.isAuthorized()
method. The following authorization checks are built into the Ebase system and
require corresponding authorizations:
Additional application authorizations can be added as required, and
applications can then issue checks against them as needed.
Ebase Authorizations consist of three parts:
Type/Name/Function and therefore allow security to be specified at a detailed
level. If this level of granularity is not required, it is easier to use
role-based security.
Click here for more information on Ebase Authorizations.
Roles can be used when they have been associated with the user during authentication.
Ebase roles and custom roles can both be used – no distinction is made between
the two. Roles can be checked using the FPL hasRole() function or the API
SecurityManager.hasRole() method.
Credentials are similar to roles except that they have a value, e.g. department=Finance.
Credentials can be used when they have been associated with the user during
authentication. A security check can be made against a credential using the
hasCredential() function, e.g. hasCredential('department', 'finance'), or the API
SecurityManager.checkCredentialValue() method. A credential value can be read using
the getCredential() function or the API SecurityManager.getCredential() method.
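
The three kinds of check described above, combined into one application gate that denies unless every check passes. This is an added example, not Ebase code: the security manager is a stand-in object built for the example, the method names are those listed on this page, and their parameter lists, the role name, and the authorization and credential values are assumptions.

```javascript
// Stand-in for the security context built at authentication (constructed here).
// Method names come from this page; parameter lists are assumptions.
function makeSecurityManager(user) {
  return {
    // An authorization is Type/Name/Function and lives inside an Ebase Role.
    isAuthorized(type, name, func) {
      return user.roles.some((r) => (r.authorizations || []).some(
        (a) => a.type === type && a.name === name && a.func === func));
    },
    // Ebase roles and custom roles are checked the same way.
    hasRole(roleName) {
      return user.roles.some((r) => r.name === roleName);
    },
    // Returns null when the credential was never associated with the user.
    getCredential(name) {
      const c = user.credentials;
      return Object.prototype.hasOwnProperty.call(c, name) ? c[name] : null;
    },
    // Exact string comparison is an assumption of this model.
    checkCredentialValue(name, value) {
      return this.getCredential(name) === value;
    },
  };
}

// Gate for one action: all checks must pass, anything missing means deny.
function canApproveInvoice(sm, invoice) {
  if (!sm.hasRole("APPROVER")) return false;
  if (!sm.isAuthorized("Invoice", "Supplier", "Approve")) return false;
  if (sm.getCredential("department") === null) return false;
  return sm.checkCredentialValue("department", invoice.department);
}

// Constructed sample users and record.
const approve = { type: "Invoice", name: "Supplier", func: "Approve" };
const alice = { roles: [{ name: "APPROVER", authorizations: [approve] }],
                credentials: { department: "Finance" } };
const bob = { roles: [{ name: "APPROVER" }],   // custom role, no authorizations
              credentials: { department: "Finance" } };
const carol = { roles: alice.roles, credentials: {} };
const invoice = { id: 17, department: "Finance" };

for (const [who, u] of Object.entries({ alice, bob, carol })) {
  console.log(who, canApproveInvoice(makeSecurityManager(u), invoice));
}
```

The role alone does not let bob through because the gate also requires the Type/Name/Function authorization, and carol is refused because the department credential was never associated with her.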