Permissions needed to call a API method

0

Where can I find what permissions a user needs to call an Axon.ivy API method?

asked 21.10.2014 at 09:58

Reto%20Weiss's gravatar image

Reto Weiss ♦♦
4.9k202857
accept rate: 74%

One Answer:
active answersoldestnewestmost voted
0

In the PublicAPI javadoc the permissions a user needs to call an API method is documented. Like the describtion of the "Parameters" or "Throws" of a method there maybe also a "Security:" part in the method description. The "Security:" part contains the security rule that is performed before the method is executed. E.g. for IRole#getName() the security rule is:

SESSION OWNS RoleReadName PERMISSION OR OWNS RoleReadName@SYSTEM PERMISSION

This means that the session that executes the method call must own permission RoleReadName either application wide (first part) or system wide (second part @SYSTEM).

Another example is the security role of IUser#getName():

SESSION (MATCHES THIS AND OWNS UserReadOwnName PERMISSION) OR OWNS UserReadName PERMISSION OR OWNS UserReadName@SYSTEM PERMISSION

This means that the session that executes the method call either must be:

  • login with the user this method is executed on (MATCHES THIS) and the session must own the permission UserReadOwnName (OWNS UserReadOwnName PERMISSION) or
  • owns the permission UserReadName (OWNS UserReadName PERMISSION) or
  • owns the permission UserReadName system wide (OWNS UserReadName@SYSTEM PERMISSION)

Next example is method IWorkflowSession#resumeTask(...):

SESSION IS SYSTEM

This means that only internal Axon.ivy code (SYSTEM) can execute this method.

link

answered 21.10.2014 at 10:01

Reto%20Weiss's gravatar image

Reto Weiss ♦♦
4.9k202857
accept rate: 74%

How can I assign these permissions if the user is already logged in?

(21.10.2014 at 10:40) HaraldWeber HaraldWeber's gravatar image

Normally the permission can be assigned in the Admin UI of the engine. It is also possible to assign the permission over an API. Have a look at IApplication#getSecurityDescriptor() and ISecurityDescriptor.

(21.10.2014 at 11:14) Reto Weiss ♦♦ Reto%20Weiss's gravatar image

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×40

Asked: 21.10.2014 at 09:58

Seen: 2,507 times

Last updated: 21.10.2014 at 11:14

Related questions

Changing the Security System

Java blocks Rich Dialog applications and we cannot update

LDAP API call cache

Change password of an AD user in Ivy

How to set multiple responsible roles for a process start request

Does a user have a specific role?

How to reset a task back to state SUSPENDED cancelled by the user

How to change the certificate for SSL/HTTPS?

Permission Denied: needs Permission SYSTEM but the Session is SYSTEM

How can I disable Permission checks?