Authorizing Users to Access Repository Data

In Rochade, all data is organized in subject areas. To allow a user access to a specific subject area, you must assign the user to that subject area and to the database in which it resides. Rochade provides two approaches for the assignment:

  • Direct assignment: You assign the users directly to each database and subject area to which you want them to have access. For each subject area, you also can specify the users who are administrators of the subject area.
  • Indirect assignment: You assign the users to roles and, in turn, assign the roles to the databases and subject areas to which the users should have access. This approach is known as role-based access control (RBAC).

Most of the settings related to user administration apply both to directly assigned users and to users with role-based access. Certain functions, however, are available only when you give users role-based access to a subject area. If you plan to employ RBAC in your environment, also take the following items into consideration:

  • You can assign member classes to roles in the same way as you can assign them to the directly assigned users of a subject area. Member classes enable you to:
    • Assign users a specific subject area view to restrict the visibility of item types in the subject area.
    • Assign users a specific item type profile to restrict the visibility of the attributes of an item type.
  • You can define item access rights in the form of permissions that you define directly at the roles. Item access rights that are defined in a member class or an item type profile are ignored for users with role-based access.
  • You can specify additional settings (for example, attribute rules, user exits, and so on) in the item type profiles. These settings also are valid for users with role-based access.
  • Non-owner item access rights that you define in a subject area or an item type profile are ignored for users with role-based access. RBAC does not distinguish between the user who created an item and other users.
  • You can define hierarchies of roles in which subordinate roles inherit permissions from superordinate roles. For example, refer to the following illustration.

    [Illustration: an example of a hierarchy of roles]

    You can interpret the hierarchy in the following way:

    • The users John and Jim can read and edit items in the subject area IT-ADMIN V1. They do not, however, have access to the subject area IT-ADMIN V2.
    • The user Jane can create and delete items in the subject area IT-ADMIN V2 and, through the inheritance relationships, also is allowed to read and edit items in both IT-ADMIN V1 and IT-ADMIN V2.
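The following Python model, added here as an illustration and not code from ASG-Rochade or its Java API, shows how permissions resolve through a role hierarchy of the kind described above. Because the illustration itself is not reproduced, the role names (V1-Editor, V2-Editor, V2-Admin) and the parent links between them are assumptions chosen so that the resolved permissions match the John, Jim and Jane example; the subject area names come from the text. The walk over the hierarchy keeps a visited set, so a misconfigured cycle in the parent links terminates instead of recursing forever.

```python
"""Toy model of role-based access control with inherited permissions.

Constructed illustration: not ASG-Rochade code, and not the Rochade Java API.
Role names and parent links below are assumptions; subject areas follow the text.
"""
from collections import defaultdict

# Permissions each role grants directly, per subject area (constructed data).
ROLE_PERMISSIONS = {
    "V1-Editor": {"IT-ADMIN V1": {"read", "edit"}},
    "V2-Editor": {"IT-ADMIN V2": {"read", "edit"}},
    "V2-Admin": {"IT-ADMIN V2": {"create", "delete"}},
}

# Subordinate role -> superordinate roles it inherits from (assumed hierarchy).
ROLE_PARENTS = {
    "V2-Admin": ["V1-Editor", "V2-Editor"],
}

# Role assignments for the users named in the text (constructed data).
USER_ROLES = {
    "John": ["V1-Editor"],
    "Jim": ["V1-Editor"],
    "Jane": ["V2-Admin"],
}


def effective_permissions(role, parents=ROLE_PARENTS, perms=ROLE_PERMISSIONS):
    """Return {subject_area: set_of_permissions} for one role, including every
    permission inherited transitively from its superordinate roles.

    Iterative walk with a visited set: a cycle in the parent links (a
    configuration error) simply stops expanding instead of looping forever.
    """
    result = defaultdict(set)
    visited = set()
    stack = [role]
    while stack:
        current = stack.pop()
        if current in visited:
            continue
        visited.add(current)
        for area, rights in perms.get(current, {}).items():
            result[area] |= rights
        stack.extend(parents.get(current, []))
    return dict(result)


def user_permissions(user, user_roles=USER_ROLES):
    """Union of the effective permissions of all roles assigned to a user."""
    result = defaultdict(set)
    for role in user_roles.get(user, []):
        for area, rights in effective_permissions(role).items():
            result[area] |= rights
    return dict(result)


def is_allowed(user, subject_area, operation):
    """Access decision: the operation must be granted for that subject area.

    As in the text, the decision does not depend on who created an item;
    only the role-derived permissions matter.
    """
    return operation in user_permissions(user).get(subject_area, set())


if __name__ == "__main__":
    for name in ("John", "Jim", "Jane"):
        print(name, user_permissions(name))
```

Running the module prints the resolved permissions: John and Jim get read and edit on IT-ADMIN V1 only, while Jane gets create and delete on IT-ADMIN V2 plus the inherited read and edit on both subject areas, which is exactly the interpretation given for the illustration.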

For more information on the RBAC concept, see the ASG-Rochade Role Based Access Control Tutorial in the online documentation of Java API. You can find the tutorial under the heading Integration of the Java API in the Rochade Environment on the start page of the Java API online documentation.