Where can I find what permissions a user needs to call an Axon.ivy API method?

asked 21.10.2014 at 09:58

Reto%20Weiss's gravatar image

Reto Weiss ♦♦
4.9k202857
accept rate: 74%


In the PublicAPI javadoc the permissions a user needs to call an API method is documented. Like the describtion of the "Parameters" or "Throws" of a method there maybe also a "Security:" part in the method description. The "Security:" part contains the security rule that is performed before the method is executed. E.g. for IRole#getName() the security rule is:

SESSION OWNS RoleReadName PERMISSION OR OWNS RoleReadName@SYSTEM PERMISSION

This means that the session that executes the method call must own permission RoleReadName either application wide (first part) or system wide (second part @SYSTEM).

Another example is the security role of IUser#getName():

SESSION (MATCHES THIS AND OWNS UserReadOwnName PERMISSION) OR OWNS UserReadName PERMISSION OR OWNS UserReadName@SYSTEM PERMISSION

This means that the session that executes the method call either must be:

  • login with the user this method is executed on (MATCHES THIS) and the session must own the permission UserReadOwnName (OWNS UserReadOwnName PERMISSION) or
  • owns the permission UserReadName (OWNS UserReadName PERMISSION) or
  • owns the permission UserReadName system wide (OWNS UserReadName@SYSTEM PERMISSION)

Next example is method IWorkflowSession#resumeTask(...):

SESSION IS SYSTEM

This means that only internal Axon.ivy code (SYSTEM) can execute this method.

link

answered 21.10.2014 at 10:01

Reto%20Weiss's gravatar image

Reto Weiss ♦♦
4.9k202857
accept rate: 74%

How can I assign these permissions if the user is already logged in?

(21.10.2014 at 10:40) HaraldWeber HaraldWeber's gravatar image

Normally the permission can be assigned in the Admin UI of the engine. It is also possible to assign the permission over an API. Have a look at IApplication#getSecurityDescriptor() and ISecurityDescriptor.

(21.10.2014 at 11:14) Reto Weiss ♦♦ Reto%20Weiss's gravatar image

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×40

Asked: 21.10.2014 at 09:58

Seen: 2,507 times

Last updated: 21.10.2014 at 11:14