Security architecture

To protect data from unauthorized access, the platform supports access management mechanisms at the level of both users and user groups.

A user's class is determined by the class of the user's group. It is possible to create several user groups of one class.

| Group class | Description |
|---|---|
| Administrators | Full access to all functions, including editing the user and group lists. |
| Powered users | Creating, editing and deleting IAS elements and controlling access to them. |
| Users | Viewing and editing the information represented by IAS elements. |
| Guests | Viewing the information represented by IAS elements. |

There are four types of access to IAS elements.

  1. Owner (editing, executing, controlling the access). This access type is automatically granted to the user who created the IAS element. Only administrators can drop this access right.
  2. Full access (editing, executing, controlling the access).
  3. Editing (executing and editing).
  4. Executing (executing only).

If a user does not have the Executing access right to an element, the user cannot see that element in the hierarchy.
It is also possible to specify a start element for a user or user group. If the start element is a folder, the user sees only that node and its child nodes in the hierarchy tree. If it is an element of any other type, the hierarchy tree is not shown, and the user can work only with that element and the elements that can be executed from it.
Access to an element is determined by two factors: the user access level and the group access level. The group access level prevails over the user access level. Access is checked according to the following scenario:

  1. The user's access right is checked. If it is sufficient for the operation, access is granted. Otherwise, go to step 2.
  2. The group's access right is checked. If it is sufficient, access is granted.

Thus, by specifying access rights and start elements, it is possible to create unique client applications.
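
The two-step access check and the start-element rule described above, modeled as an added Python example (not the platform's own code or API). The element names, ACL dictionaries and function names are constructed for illustration, and the example assumes that a folder hidden for lack of the Executing right also hides everything beneath it.

```python
# Constructed model of the access check; not the platform's API.
PERMITS = {  # operations each access type allows, per the list of access types
    "owner": {"edit", "execute", "control_access"},
    "full": {"edit", "execute", "control_access"},
    "editing": {"edit", "execute"},
    "executing": {"execute"},
    None: set(),  # no right assigned on this element
}

def is_allowed(user_acl, group_acl, element, operation):
    """Two-step check: the user's right first, then the group's right."""
    if operation in PERMITS[user_acl.get(element)]:
        return True                                       # step 1
    return operation in PERMITS[group_acl.get(element)]   # step 2

def visible_tree(children, folders, start, user_acl, group_acl):
    """Return the hierarchy nodes shown to a user with the given start element."""
    if start not in folders:
        return []  # non-folder start element: no hierarchy tree is shown
    shown, stack = [], [start]
    while stack:
        node = stack.pop()
        # Without the Executing right the element is not visible.
        # Assumption: a hidden folder also hides its whole subtree.
        if not is_allowed(user_acl, group_acl, node, "execute"):
            continue
        shown.append(node)
        stack.extend(reversed(children.get(node, [])))
    return shown

# Constructed sample hierarchy and rights (hypothetical names).
CHILDREN = {"root": ["sales", "hr"], "sales": ["q1_report", "draft"], "hr": ["payroll"]}
FOLDERS = {"root", "sales", "hr"}
USER_ACL = {"sales": "executing", "q1_report": "executing", "draft": "owner"}
GROUP_ACL = {"root": "executing", "q1_report": "editing"}

if __name__ == "__main__":
    # The user's own right on q1_report is Executing; the group's Editing right grants the edit.
    print(is_allowed(USER_ACL, GROUP_ACL, "q1_report", "edit"))
    # Start element "root": the "hr" folder and its child are hidden from the tree.
    print(visible_tree(CHILDREN, FOLDERS, "root", USER_ACL, GROUP_ACL))
```

Because step 2 can only add rights, the effective permission on an element is the union of the user's and the group's rights, so a review of who can reach an element has to cover group assignments as well as per-user ones.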