Roles and Claims

Introduction

Dynamo uses role- and claim-based access control lists (ACLs) to determine access to certain portions of the application. They determine who has which rights and what they can do with those rights.

Roles and Claims

Roles and claims determine abilities and how they are assigned to users.

Claims

Claims are the abilities themselves, the actions that users can perform. When a process or processor is created and is intended to be accessible only by certain kinds of users, a claim should be created and tied to that process or processor. With this, only the users with the ability determined by the claim will have access to that process or processor. Claims can be created either from the Manage Claims module of the Dynamo developer interface, or automatically when processes and processors are being created, by checking the "create claim if it does not exist" checkbox.

Roles

Roles are used to aggregate collections of claims. While claims themselves can be assigned directly to users, sometimes it is useful to create a group of users with the same privileges. This is where roles become useful. A user assigned to a particular role automatically has all the abilities defined by the claims in that role. Roles are managed from the Manage Role module in the Dynamo developer interface.

Users

Users are assigned to at least one role and can also be assigned a claim directly.

Claim Object

| Property Name | Type | Description |
| --- | --- | --- |
| _id | Mongo ObjectID | MongoDB generated ID for the Claim. |
| type | String | String determining if the claim is attached to a process or a processor. |
| description | String | The human readable description for the claim. Defaults to the process or processor title. |
| value | String | The Process or Processor UID or _id.toString() |

Role Object

| Property Name | Type | Description |
| --- | --- | --- |
| _id | Mongo ObjectID | MongoDB generated ID for the Role. |
| name | String | The name of the role |
| domain | MongoDB ObjectID | The domain that the role will be tied to |
| claims | Array of ObjectIDs | The claims in a particular role |
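
The following is an added example, not Dynamo's own code, showing how a user's effective claims (direct plus role-derived) can be resolved from the Claim and Role objects above and checked against a process or processor. The user shape (roles and claims arrays), the type literals "process" and "processor", the function names and all sample data are assumptions made for illustration.

```javascript
// Constructed sample data using the Claim and Role properties documented above.
// String ids stand in for MongoDB ObjectIDs. The type literals are assumed.
const claims = [
  { _id: "c1", type: "process", description: "Create invoice", value: "CREATE_INVOICE" },
  { _id: "c2", type: "processor", description: "Fetch invoices", value: "FETCH_INVOICES" },
  { _id: "c3", type: "process", description: "Manage users", value: "MANAGE_USERS" },
];
const roles = [
  { _id: "r1", name: "clerk", domain: "d1", claims: ["c1", "c2"] },
  // "c9" is a dangling reference: no claim document with that id exists.
  { _id: "r2", name: "auditor", domain: "d1", claims: ["c2", "c9"] },
];

// Hypothetical user shape: the page does not document the User object.
const clerk = { username: "ada", roles: ["r1"], claims: [] };
const auditor = { username: "bo", roles: ["r2", "r404"], claims: ["c3"] };

// Union of claim ids granted directly and through the user's roles.
function effectiveClaimIds(user, allRoles) {
  const roleById = new Map(allRoles.map((r) => [String(r._id), r]));
  const ids = new Set((user.claims || []).map(String));
  for (const roleId of user.roles || []) {
    const role = roleById.get(String(roleId));
    if (!role) continue; // a role id that resolves to nothing grants nothing
    for (const claimId of role.claims || []) ids.add(String(claimId));
  }
  return ids;
}

// True only when the user holds an existing claim whose type AND value both
// match the resource; dangling ids and type mismatches never grant access.
function canAccess(user, type, value, allRoles, allClaims) {
  const held = effectiveClaimIds(user, allRoles);
  return allClaims.some(
    (c) => held.has(String(c._id)) && c.type === type && c.value === String(value)
  );
}

console.log("clerk -> CREATE_INVOICE:",
  canAccess(clerk, "process", "CREATE_INVOICE", roles, claims));
console.log("clerk -> MANAGE_USERS:",
  canAccess(clerk, "process", "MANAGE_USERS", roles, claims));
console.log("auditor -> MANAGE_USERS (direct claim):",
  canAccess(auditor, "process", "MANAGE_USERS", roles, claims));
```

The check only answers whether a user holds a claim for a resource; how Dynamo treats a process or processor that has no claim tied to it is not covered here.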