Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 42 Next »

Introduction

The security within the the CoreOne Suite is handled by the CoreOne Security Roles. Those roles contain two things, the view permissions and the data access permission. The view permissions are used across all UIs to handle who has access to which views and which actions. The access permissions are used to determinate what data is available to the user or service within the views or APIs. This way you can give certain users access to view and limit them to a subset of the available data.

Those CoreOne Suite Security Roles are application roles. As such they will be represented as resources within the CoreOne Suite Access Management logic.

Built-In Security Roles

Out of the box the CoreOne Suite is deployed with four built-in security roles:

CoreOne Suite Security Role

Access Level inside CoreOne Suite

Description

CoreOne Suite Administrator

Full Access

Full access to the whole CoreOne Suite

CoreOne Suite Approvals

Access to approval requests where the assignee is involved

Assign this role to users that need to take part in an approval process.

CoreOne Suite Service Desk

Access to basic Identity Management and Management Features

Can be used to give Service Desk employees basic rights such as seeing all employees, reset passwords and so on.

CoreOne Suite Self-Service User

Access to the Self-Service Portal

Access to his own Core Identity

Access to his own Identities

Access to orderings and approvals

Gives users basic rights to perform actions like resetting the password for his own accounts or ordering a role for himself

When licenced, the “Advanced Permission Management” Module allows you to create your own Security Roles. When doing so, the view permissions and the data access permission within the CoreOne Suite Admin UI can be configured by yourself.

Starting from version 7, there are also fine granular security roles available which give you the ability to build your own roles more easily. Those granular security roles cover specific use cases such as “Register a legal entity”. Behind that role, all the necessary vier and data access permissions are stored. Those role are maintained by us.

  • No labels