Runtime Security Authorization
See also: Runtime authentication, Security Menu
During the authentication process, roles and credentials are associated with
the user. These can then be used to evaluate runtime security checks.
There are a number of possibilities:
Roles
can be used when they have been associated with the user during authentication.
Roles can be checked using the FPL hasRole()
function or API SecurityManager.hasRole() method. Click here for more details on roles.
Ebase Authorizations
can only be used when Ebase Roles have been associated with user during
authentication – these roles are defined in the Ebase Security System. Ebase
Authorizations are defined inside Ebase Roles and can be checked using the FPL isAuthorized() function or API SecurityManager.isAuthorized() method. The following
authorization checks are built into the Ebase system and require corresponding
authorizations:
Additional
application authorizations can be added as required and then checks can be
issued as required by applications.
Ebase Authorizations consist of three parts:
Type/Name/Function and therefore allow security to be specified at a detailed
level. If this level of granularity is not required, it is easier to use role
based security.
Credentials
are similar to roles except that they have a value e.g. department=Finance. Credentials can be used when they have been
associated with the user during authentication. A security check can be
achieved against a credential using the hasCredential()
function e.g. hasCredential(‘department’, ‘finance’) or API SecurityManager.checkCredentialValue() method . A
credential value can be read using the getCredential() function or
API SecurityManager.getCredential() method.