Security

The security is based on privileges granted on entities tied to a part of the organisation (the scope of the grant). Privileges can only be granted on roles and then users are mapped to one or many roles.

Privileges and scopes #

The available privileges are:

1. entity_get - the privilege to read an entity (also applied for FETCH queries that include the entity)
2. entity_insert - the privilege to create an entity
3. entity_update - the privilege to update an entity
4. entity_delete - the privilege to delete an entity
5. entity_change_ownership - the privilege to change the ownership of an entity

The available scopes:

1. All - the privilege is for all entities throughout the system
2. Organization - the privilege applies only for the entities within the organization of the user
3. BusinessUnit - the privilege applies only for the entities within the business unit of the user
4. Owner - the privilege applies only for the entities owned by the user
5. None - restricts the user from the privilege (this is the default value)

Examples #

You want to create a role named “Workers” for which all users belonging to it will have the privilege to read all the tasks in their business unit and the privilege to create, update and delete only the tasks owned by the user. Here is how to configure it:

1. Create the “Workers” role using the Roles designer.
2. Grant the following privileges using the Entity security designer.

If you wish to create a “Supervisors” role with reading and deleting privileges for all entities and the possibility to assign entities to other users within its department, the security is configured as follows:

1. Create the “Supervisors” role using the Roles designer.
2. Grant the following privileges using the Entity security designer.