webCOMAND

webCOMAND Docs
Developer Guide Concepts & Features Repositories Authorizations

COMAND Authorizations

Authorizations grant user's access to COMAND repository objects, fields and methods.

Authorizations are defined per User Role, and one or more User Roles can be associated with a User.

Authorizations are additive. That is, all of a User's Authorizations are combined to grant access to a set of objects, fields and methods. If one Authorization grants access, another can not take it away, so the order Authorizations are created and applied has no affect.

Privileges

A Privilege defines a type of access that may be granted, and the following common set of privileges are enforced by the COMAND API.

  • Read - Access objects, fields, field values and methods.
  • Create - Create new objects.
  • Update - Update existing objects and field values.
  • Delete - Remove existing objects and field values.
  • Execute - Execute object methods.

A COMAND App can leverage these common privileges to control or determine what information is accessible to it's users. Additional privledges can also be defined and used by one or more apps for their own purposes, but they will be ignored by the COMAND API.

Authorization Types

Different types of authorizations assign privileges for different criteria. For example, one type of authorization may assign privileges to specific objects, while another may assign priviledges to fields. The following types are part of the COMAND Core, but may be extended for more options.

Authorization

The base class that all other Authorization Types extend. It provides an interface to implement authorizations types in a way that is extendable. It does not define any fields.

Content Type Authorization

Assigns privileges to objects of one or more content types. Privileges can be assigned to the objects themselves, as well as specific fields.

Content Authorization

Assigns privileges to objects in a collection specified by a cPath. Privileges can be assign to the objects themselves, as well as specific fields.

Field Authorization

Field Authorizations are defined within a Content Type Authorization or Content Authorization to assign privileges to specific fields within the set of objects they define.

Field Type Authorization

Field Type Authorizations are defined within a Content Type Authorization or Content Authorization to assign privileges for a certain content types in a specific field or fields.

For more detailed information for developers, see Authorization Content Types.

Page last updated .

Copyright © 2013-2024, COMAND Systems, Inc.