GETTING STARTED
ACCESS CONTROL

The mydigitalstructure access control is based on a "common security language (CSL)" - which works as the gatekeeper for the "common functional language (CFL)" eg the endpoints and methods.

Every functional request and parameter can be protected via the access layer, by describing the access allowed for each user or group of users. 

OAuth2.0 access uses this same common security language, by specification of the scope in an access request.

System administrators can manage access to any method within an endpoint which is included with the membership subscription for the space being secured.

You can also restrict access to parameters and specific values of parameters - eg user A can only see orders where status is approved.  You can set global parameter level access that acts across all methods and endpoints.

In spaces that have single or limited users then the user parameter unrestrictedaccess can be set to yes - this then allows unlimited access to all subscribed endpoints and methods.

For spaces with many users and different levels of access then the following can be used to match the use case to the functional and access control.

OVERVIEW

Security Overview

 

Getting Started

Access Set up (SETUP)

Authentication (LOGON)

OAuth 2.0

 
  SETTING UP USER ACCESS

This is a natural extension of the SETUP_USER_ methods used for setting up users.

SETUP_ENDPOINT_SEARCH Returns a list of available endpoints based on the spaces memberships eg CONTACT.
SETUP_METHOD_SEARCH Returns a list of available methods based on the spaces memberships eg CONTACT_PERSON_MANAGE.
SETUP_METHOD_ACCESS_SEARCH/_MANAGE Set up the mapping between the functional system requirements and the access control - set up many method access roles which allow access to methods and also allow or disallow access to parameters.
SETUP_ROLE_SEARCH/_MANAGE Define roles
SETUP_ROLE_METHOD_ACCESS_SEARCH/_MANAGE Link users to the functional access rules - as set up above.
SETUP_ROLE_PARAMETER_ACCESS_SEARCH/_MANAGE For each functional access rule - set up additional resrictions to parameters in the context of that rule.
SETUP_USER_ROLE_SEARCH/_MANAGE Give each user the appropriate roles.

 

 

  

 

 
  RESELLERS

Methods for linking endpoints to memberships:

SETUP_MEMBERSHIP_ENDPOINT_MANAGE & SETUP_MEMBERSHIP_ENDPOINT_SEARCH