User Roles and Credentials

Documentation home

 

Roles 1

Credentials 1

 

See also: Runtime Authentication

 

Roles

A role is character string that represents some capability of the user, examples might be Manager, Supervisor, Auditor etc.  Any number of roles can be associated with a user during the authentication process implemented by the Logon Service. There are two types of role:

 

·         Ebase Roles: these are defined in the Ebase Security system and usually contain a number of authorizations that control user access to different parts of the Ebase system, and can also be configured to handle application security.

·         Custom Roles: these are used for all other role requirements and are not defined in the Ebase Security system.

 

Both role types can be used as follows:

 

·         They can be checked using the FPL hasRole() function or API SecurityManager.hasRole() method e.g.

 

FPL:

API based language (Javascript):

 

if [ hasRole('Manager') ]

  ..

endif

 

if (system.securityManager.hasRole("Manager") )

{

 ..

}

 

·         They can be used to control assignment of workflow tasks. See XI Workflow Assignment Handler.

 

 

Credentials

A credential can be any user attribute that also has a corresponding value, such as email address,  department, employee no.  Any number of credentials can be associated with a user during the authentication process implemented by the Logon Service, e.g. by extracting them from a user registry like Active Directory.

 

email=jsmith@mycorp.com

department=it

employeeno=654321

 

User credentials can be used as follows:

 

·         They can be checked with the FPL getCredential() function or API SecurityManager.getCredential() method and the FPL hasCredential() function or API SecurityManager.checkCredentialValue() method.

 

FPL:

API based language (Javascript):

 

email_adr = getCredential('email');

 

if [hasCredential('department', 'Accounts')]

  ..

endif

 

 

var emailAdr = system.securityManager getCredential("email");

 

if (system.securityManager checkCredentialValue("department", "Accounts")

{

  ..

}

 

·         They can be used to control assignment of workflow tasks, either on their own or in combination with roles. See XI Workflow Assignment Handler.