Introduction
Security within the CoreOne Suite is handled by the CoreOne Security Roles. Each role contains two things: the view permissions and the data access permissions. The view permissions are used across all UIs to control who has access to which views and which actions. The data access permissions determine what data is available to the user or service within the views or APIs. This way you can give certain users access to a view and limit them to a subset of the available data.
The CoreOne Suite Security Roles are application roles. As such, they are represented as resources within the CoreOne Suite Access Management logic.
Built-In Security Roles
Out of the box the CoreOne Suite is deployed with four built-in security roles:
CoreOne Suite Security Role | Access Level inside CoreOne Suite | Description |
---|---|---|
CoreOne Suite Administrator | Full Access | Full access to the whole CoreOne Suite |
CoreOne Suite Approvals | Access to approval requests where the assignee is involved | Assign this role to users that need to take part in an approval process. |
CoreOne Suite Service Desk | Access to basic Identity Management and Management Features | Can be used to give Service Desk employees basic rights such as seeing all employees, resetting passwords and so on. |
CoreOne Suite Self-Service User | Access to the Self-Service Portal; access to his own Core Identity; access to his own Identities; access to orderings and approvals | Gives users basic rights to perform actions like resetting the password for their own accounts or ordering a role for themselves. |
When licensed, the “Advanced Permission Management” Module allows you to create your own Security Roles. When doing so, you can configure the view permissions and the data access permissions yourself within the CoreOne Suite Admin UI.
Starting from version 7, fine-grained security roles are also available, which make it easier to build your own roles. These granular security roles cover specific use cases such as “Register a legal entity”. Each such role bundles all the view and data access permissions necessary for its use case. These roles are maintained by us.