...
The CoreOne Suite also allows for context-aware resource assignments / permissions. This means that, in addition to simply being in possession of a permission like a `role_claim`, the possession can have a context. The context itself can be various things: for example, I possess this permission for another user, or in the context of an organization or company.
A few examples:
John (1) has the permission to read his own taxes in the tax application → no user context of John
John (1) has the permission to read Sally's (3) taxes in the tax application → user context of Sally
John has the permission to read the taxes of ITSENSE (7) in the tax application → organizational context of ITSENSE
Permissions without a context, in the context of the user himself, are simply published in the token's `roles` claim by default. Permissions with a context can be requested by requesting the `roles_with_context` scope.
...
```json
{
  "roles_with_context": [
    "{ \"Role\": \"Read Tax\", \"Context\": [ { \"ContextObjectType\": \"User\", \"ContextObjectIdentifier\": \"1\" } ] }",
    "{ \"Role\": \"Read Tax\", \"Context\": [ { \"ContextObjectType\": \"User\", \"ContextObjectIdentifier\": \"3\" } ] }",
    "{ \"Role\": \"Read Tax\", \"Context\": [ { \"ContextObjectType\": \"Organizational Unit\", \"ContextObjectIdentifier\": \"7\" } ] }"
  ]
}
```
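One way a resource server could evaluate the claim shown above, as an added example that is not CoreOne Suite code. It assumes the token signature, issuer and audience have already been validated, that each `roles_with_context` entry is a JSON-encoded string, and that an entry grants the role for every item in its `Context` array; the function names and the sample claims are hypothetical.

```python
import json

def _as_list(value):
    # A JWT claim holding a single value may arrive as a bare string, not a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def contextual_grants(claims):
    """Return the set of (role, context type, context id) found in roles_with_context."""
    grants = set()
    for raw in _as_list(claims.get("roles_with_context")):
        try:
            # Assumption: each entry is a JSON-encoded string; a decoded object also works.
            entry = json.loads(raw) if isinstance(raw, str) else raw
            parsed = {(entry["Role"], c["ContextObjectType"], str(c["ContextObjectIdentifier"]))
                      for c in entry["Context"]}
        except (ValueError, KeyError, TypeError):
            continue  # fail closed: a malformed entry grants nothing
        grants |= parsed
    return grants

def is_allowed(claims, role, context_type=None, context_id=None):
    """Check a role without context against `roles`, with context against roles_with_context."""
    if context_type is None:
        return role in _as_list(claims.get("roles"))
    return (role, context_type, str(context_id)) in contextual_grants(claims)

def _entry(role, ctx_type, ctx_id):
    # Helper that builds one constructed claim entry in the format shown on the page.
    return json.dumps({"Role": role, "Context": [
        {"ContextObjectType": ctx_type, "ContextObjectIdentifier": ctx_id}]})

# Constructed sample claims for John (1); the last entry is deliberately malformed.
SAMPLE_CLAIMS = {
    "sub": "1",
    "roles": ["Read Tax"],
    "roles_with_context": [
        _entry("Read Tax", "User", "1"),
        _entry("Read Tax", "User", "3"),
        _entry("Read Tax", "Organizational Unit", "7"),
        "{ not json",
    ],
}

if __name__ == "__main__":
    print(is_allowed(SAMPLE_CLAIMS, "Read Tax", "User", "3"))  # Sally's taxes
    print(is_allowed(SAMPLE_CLAIMS, "Read Tax", "User", "7"))  # id 7 is an org, not a user
```

The check compares the context type as well as the identifier, so the organizational unit 7 grant cannot be used to read the taxes of a user whose identifier happens to be 7.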
...