Role Based Security
pasPortal uses role-based security to secure access to protected content both inside the system and in pasUNITY Enterprise Suite products that tie into the security system.
To assign permissions we begin by defining the roles that represent functional collections of accounts to which we can assign permissions. Roles are created and maintained using the Role Manager module which is accessible to administrative users. Roles are analogous to groups in other systems (such as Windows Active Directory) but in this documentation we always refer to them as roles.
The procedure for establishing permissions on the various securable objects in the system depends on the object itself. The most common object on which to assign permissions are tabs which is done using the Tab Designer toolbar. Regardless of the securable to which you will assign permissions the process is the same. The administrative end-user selects the role to apply the permission for and the permission level to assign and adds the combination of role, securable object, and permission level to the system.
•Anonymous Users: Any user who has not yet authenticated with the system in a member of this role. This system maintained role cannot be edited or manipulated by any user.
•Authenticated Users: Any user who has authenticated with the system has implicit membership in this role. This system maintained role cannot be edited or manipulated by any user.
•Dashboard Managers: Any user assigned to the Dashboard Admin role in a specific dashboard has implicit membership in this role.
•Enumeration Users: Any user assigned to this role can view a list of all roles and accounts in the system. This is reserved solely for use by internal system components. Only members of Site Administrators can make assignments to this role.
•Security Administrators: Users in this role can edit security account information on any account anywhere in the system with the exception of accounts that are members of the Site Administrators role. Only members of the Site Administrators role can make assignments to this role. This role is reserved solely for use by technical support and customer service staff.
•Site Administrators: Users in this role can edit any detail of any editable object in the entire system. Only members of the Site Administrators role can make assignments to this role. This role is reserved solely for use by the technical support staff that maintains the system.
•Dashboard Access: Any user who is to be granted explicit access to a dashboard must be assigned to this role. No other dashboard-level role assignments can be made until an account has been placed into this role. Only members of Site Administrators, Security Administrators, and Dashboard Admin roles can make assignments to this role.
•Dashboard Admin: Any account that already has membership in the Dashboard Access role of a given dashboard can be assigned to this role but once they are in it they can administer any securable object within the dashboard and manipulate security details on accounts with access to the dashboard that are not members of either the Site Administrators or Security Administrators roles. Only members of Site Administrators, Security Administrators, and Dashboard Admin roles can make assignments to this role.
Site-level system roles cannot be provisioned using Single Sign On role rules but Dashboard-level system roles can as detailed in the Role Manager module.
Copyright © 2023 pasUNITY, Inc.
Send comments on this topic.