Permission Types
Permissions are access rights and can be set for each container individually. Permissions determine which users or roles have access to that container and what kind of access each user/role has. Permissions can be defined for containers, configuration objects, credentials, queues, services, functions, resources, and child containers. In FlowForce Server Advanced Edition, permissions can also be set for certificates and AS2 partner objects.
FlowForce checks container permissions when users interact with containers (for example, creating or editing jobs). Permissions are not evaluated when jobs are executed. Therefore, changes to permissions do not affect jobs that already exist.
The subsections below describe the permission types available for each container.
Container and Configuration permissions
The access rights granted by the Container and Configuration permissions are summarized in the table below.
• Container: Controls what users can do with objects contained in the current container.
• Configuration: Controls what a user can do with configuration objects (such as jobs and credentials) in the current container.
Inherit | Grants the user the same access rights as those defined on the parent container. |
Read | Container: Allows the user to see the contents of the container.
Configuration: Allows the user to view details about configuration objects. |
Read, Write | Container: Allows the user to see the contents of the container and to create or delete objects in the container.
Configuration: Allows the user to modify any configuration object within the container (for example, edit the trigger of a job).
Note: To be able to create a new configuration object or delete an existing one, users must be granted both the Container - Read, Write and Configuration - Read, Write permissions. |
Disable inheritance | Prevents this user or role from inheriting container permissions from the parent container. This does not explicitly deny access; permissions inherited through roles still apply. |
Service, Credential, Queue, Function, Certificate, AS2 Partner, Resources permissions
The access rights granted by the permissions Service, Credential, Queue, Function, Certificate, AS2 Partner, and Resources are summarized in the table below.
• Service: Controls access to a job exposed as a Web service via the HTTP request interface. If a job exposes an AS2 service, this permission also controls access to the AS2 service exposed by the job (see Receiving AS2 Messages).
• Credential: Controls what a user can do with credentials defined in the current container.
• Queue: Controls what a user can do with queues defined in the current container.
• Function: Controls whether users can invoke functions from the current container. Functions include built-in FlowForce functions, RaptorXML functions, MapForce mappings and StyleVision transformations deployed to FlowForce.
• Certificate (Advanced Edition): Controls how a user can access digital security certificates in the current container. For more information, see Configuring AS2 Certificates.
• AS2 Partner (Advanced Edition): Controls how a user can access AS2 partner objects defined in the current container. For more information, see Configuring AS2 Partners.
• Resources: Controls what a user can do with resources defined in the current container.
Inherit | Grants the user the same access rights as those defined on the parent container. |
Use | Grants the rights to use the object defined in the current container.
Notes about services
• Service permission checks skip any container hierarchy checks. Therefore, if granted Use permission, users may use the service without having Read access to the container in which the corresponding job is defined.
• If you grant Use permission to user |
Disable inheritance | Prevents this user or role from inheriting container permissions from the parent container. This does not explicitly deny access; permissions inherited through roles still apply. |
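When reviewing container permissions, three rules from the tables above are easy to overlook: Disable inheritance does not remove rights that arrive through a role, creating or deleting a configuration object needs Read, Write on both Container and Configuration, and a Service Use grant works without Read on the container. The following model is an added example, not Altova code. The container tree, the principals, the `no_inherit` token, and the assumptions that a missing entry behaves like Inherit and that the strongest grant across a user and their roles wins are all constructed for illustration.

```python
# Simplified model of the permission rules described on this page.
# NOT FlowForce code: the tree, names and resolution order are assumptions.
RANK = {None: 0, "read": 1, "use": 1, "rw": 2}

# Constructed sample: container path -> {principal: {permission type: value}}
ACL = {
    "/": {"ops": {"container": "read", "configuration": "read"}},
    "/public": {"alice": {"container": "no_inherit"},
                "ops": {"container": "rw"}},
    "/public/api": {"bob": {"service": "use"},
                    "alice": {"configuration": "rw"}},
}
ROLES = {"alice": ["ops"], "bob": []}  # constructed role membership

def parent(path):
    if path == "/":
        return None
    return path.rsplit("/", 1)[0] or "/"

def for_principal(principal, path, ptype):
    """Walk up the tree until an explicit value or 'no_inherit' is found."""
    while path is not None:
        value = ACL.get(path, {}).get(principal, {}).get(ptype, "inherit")
        if value == "no_inherit":
            return None  # stops inheritance; grants nothing by itself
        if value != "inherit":
            return value
        path = parent(path)
    return None

def effective(user, path, ptype):
    """Strongest right over the user and every role the user belongs to."""
    grants = [for_principal(p, path, ptype) for p in [user, *ROLES.get(user, [])]]
    return max(grants, key=RANK.__getitem__)

def can_create_or_delete(user, path):
    # The page's note: both Container and Configuration need Read, Write.
    return all(effective(user, path, t) == "rw"
               for t in ("container", "configuration"))

def services_without_read(user):
    """Containers whose services the user may use but cannot see into."""
    return [p for p in ACL
            if effective(user, p, "service") == "use"
            and effective(user, p, "container") is None]
```

In the sample data, `alice` has inheritance disabled on `/public` yet still ends up with Read, Write there through the `ops` role, and `bob` can use the service in `/public/api` without any Read access to that container.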
Security
The Security permission controls access to permissions of any child containers defined in the current container. By default, users are allowed to read only the permissions assigned to them or any role they are a member of. However, users who have the Read users and roles privilege can read all permission entries.
The available access rights are summarized in the table below.
Inherit | Grants the user the same access rights as those defined on the parent container. |
Read Security | Allows the user to view the permissions of any child of the container. |
Read and Write Security | Allows the user to change the permissions of any child of the container. |
Disable inheritance | Prevents this user or role from inheriting container permissions from the parent container. This does not explicitly deny access; permissions inherited through roles still apply. |
