...
Introduction
The Core API protects documents against access by unauthorized persons through a permission system. Each user has one or more roles in this system, giving them access to various documents for specified actions. The user-role-mapping manages the assignment of roles to users. In yuuvis® Momentum, this mapping is managed separately from the authentication process itself and can be configured according to the customers' needs. Furthermore, in the configuration of the yuuvis® AUTHENTICATION service, access conditions can be defined individually for each API endpoint.
...
The actions of a permission specify access rights for specific purposes, whereby a distinction is currently made between read access, delete access and write access. The actions can be combined by simply adding multiple actions to the permission.

Action | Description |
---|---|
read | permission to receive objects in search results and to call various GET endpoints for a specific object |
delete | permission to delete objects' content or metadata |
write | permission to update objects or to move the content of objects |
Conditions
Conditions are statements in the proprietary CMIS-based query language that define the subset of documents in the system to which a permission applies. If the condition is met for a document (meaning that evaluating the query language expression returns 'true'), the owner of the role may access that document. For example, a condition can limit a permission to a specific type of object or hide documents that are older than a specific date from a user. The conditions are appended to all requests from the role owner and thereby act as filters for the corresponding search results.
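The filtering described above, as an added Python example that is not yuuvis® Momentum code: it models how the conditions of a user's roles could be combined for one action and appended to the user's own query expression. The role names, the property names `doc_type` and `created`, the OR-combination across permissions and the treatment of an empty condition as unrestricted are assumptions made for the illustration.

```python
# Added illustration, not yuuvis Momentum code: a simplified model of how role
# conditions act as a filter. Property names and values are constructed.
from dataclasses import dataclass

ACTIONS = frozenset({"read", "delete", "write"})  # the actions the page names

@dataclass(frozen=True)
class Permission:
    actions: frozenset   # one or more of ACTIONS
    condition: str = ""  # assumption: empty condition = no restriction

# Constructed role set: one type-based and one date-based condition.
ROLES = {
    "clerk": [Permission(frozenset({"read"}), "doc_type = 'invoice'")],
    "auditor": [Permission(frozenset({"read", "write"}), "created >= '2020-01-01'")],
    "admin": [Permission(ACTIONS)],
}

def effective_filter(roles, user_roles, action):
    """Filter for `action`: None = no permission, "" = unrestricted."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    terms = []
    for role in user_roles:
        for perm in roles.get(role, []):
            if action not in perm.actions:
                continue
            cond = perm.condition.strip()
            if not cond:
                return ""            # an unconditional grant covers everything
            if f"({cond})" not in terms:
                terms.append(f"({cond})")
    # Assumption: permissions are alternatives, so their conditions are OR-ed.
    return " OR ".join(terms) if terms else None

def append_conditions(user_where, roles, user_roles, action):
    """AND the role filter onto the caller's own WHERE expression."""
    flt = effective_filter(roles, user_roles, action)
    if flt is None:
        raise PermissionError(f"no role grants {action!r}")  # deny by default
    if not flt:
        return user_where
    if not user_where.strip():
        return flt
    # Both sides are parenthesized: unwrapped, AND binds tighter than OR, so a
    # caller-supplied "... OR ..." would escape the role filter.
    return f"({user_where}) AND ({flt})"
```

When reviewing a role set, the two cases worth checking first are the ones this model makes explicit: an action with no matching permission must be denied, and a permission without a condition applies to every document.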
...