intra-mart Accel Platform / Authorization Specifications


Authorization Overview

intra-mart Accel Platform separates the process of making authorization judgments for users into a dedicated authorization system, so that user authorization management is consolidated under a unified concept.

Access Right Model

This section explains the access models used within intra-mart Accel Platform.

As its authorization setting information, intra-mart Accel Platform manages whether to permit or deny for each context of "WHO", "WHAT" and "DO WHAT".

For example, user authorizations can be described according to the model as follows.

                Example 1                   Example 2
WHO             Administrator role user     Employee of Sales department
WHAT            Menu management function    Sales journal
DO WHAT         Use (Implement)             Display / update
Permit / deny   Permit                      Permit

WHO (Subject)

"WHO" information is called the Subject (in the Authorization management screen it is displayed as "subject"). Within intra-mart Accel Platform, there are several types of "WHO" information. For example, when IM Common Master is installed, the following types exist.

  • Guest user, authenticated user (authorization status)
  • Role
  • Department
  • Position title
  • Public group
  • Function

WHAT (Resource)

"WHAT" information is called the Resource. A Resource is the target on which a user wants to perform an action, and it is added to the system by the developer or by applications created by the developer. For example, in intra-mart Accel Platform, a URL designated by the router is the most basic Resource. To manage user access rights for a web page, the administrator configures whether access to the URL is permitted or not.

DO WHAT (Action)

"DO WHAT" information is called the Action. An Action is an operation that the user wants to perform on the resource. The available actions differ depending on the resource. For example, a URL type resource defined by the router accepts only the execute action. There is also a resource called "Menu group" that is created when managing the menu. For such a resource, 2 types of actions are defined: administer (admin) and read (read).

Structure of the Authorization System

To manage authorization based on the model above, the authorization process of intra-mart Accel Platform is structured around the following 3 standpoints.

  1. The administrator, who manages the authorization setting information (access right settings)
  2. The user, who requests an action on a resource in the system
  3. The authorization process, which judges whether to permit or deny the request based on the settings provided by the administrator
 given to what subject for resource in the system.

Standpoint to request authorization

This is the standpoint of a user who accesses the system. The user accesses the system and attempts to conduct various operations, but each operation is checked against the administrator's settings and limited according to whether it is permitted or denied.

In actual use, when a user attempts an operation, the operation is reported to the authorization system, which answers whether the attempted operation is configured as permitted or not; the application then lets the action continue or terminates it. The authorization system does not directly terminate the user's operation, however. The application that requires authorization makes the authorization request on behalf of the user and reacts according to the result.

Standpoint to make authorization judgment

This standpoint refers to the authorization setting information that the administrator configured and judges whether the request should be permitted or not, given the operation the user intends to conduct and the subject of that operation. The authorization system of intra-mart Accel Platform makes this judgment.
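
The split described above, between the application that asks and the authorization system that judges, sketched as an added example (not intra-mart Accel Platform code and not its API). All names, the `journal` resource type, the `auditor` role, the sample settings, and the rules that an explicit deny wins and that an unmatched request is denied are assumptions made for the illustration.

```javascript
// Added illustration; hypothetical names, not the intra-mart Accel Platform API.
// Actions defined per resource type: router URLs accept only "execute",
// menu groups define "admin" and "read" (both from the text above).
const ACTIONS_BY_TYPE = {
  "url": ["execute"],
  "menu-group": ["admin", "read"],
  "journal": ["display", "update"], // constructed type for "Sales journal"
};

// Authorization settings maintained by the administrator (constructed sample).
const SETTINGS = [
  { subject: "role:administrator", resource: "/menu/manage", action: "execute", effect: "permit" },
  { subject: "department:sales", resource: "sales-journal", action: "display", effect: "permit" },
  { subject: "department:sales", resource: "sales-journal", action: "update", effect: "permit" },
  { subject: "role:auditor", resource: "sales-journal", action: "update", effect: "deny" },
];

// Expand one user into every Subject that applies to them.
function subjectsOf(user) {
  const subjects = [user.authenticated ? "status:authenticated" : "status:guest"];
  for (const r of user.roles || []) subjects.push("role:" + r);
  for (const d of user.departments || []) subjects.push("department:" + d);
  return subjects;
}

// Authorization judgment. Assumptions: an explicit deny wins over a permit,
// and a request with no matching setting is denied.
function decide(settings, user, resource, action) {
  const defined = ACTIONS_BY_TYPE[resource.type] || [];
  if (!defined.includes(action)) return "deny"; // action not defined for this type
  const subjects = subjectsOf(user);
  const hits = settings.filter((s) =>
    s.resource === resource.id && s.action === action && subjects.includes(s.subject));
  if (hits.some((s) => s.effect === "deny")) return "deny";
  return hits.some((s) => s.effect === "permit") ? "permit" : "deny";
}

// The application asks on the user's behalf, then continues or terminates.
function handleRequest(settings, user, resource, action, operation) {
  if (decide(settings, user, resource, action) !== "permit") {
    return { status: 403, body: null };
  }
  return { status: 200, body: operation() };
}
```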
