Role-Based Access Control
Every Iotellect Server user is authenticated and authorized during a login procedure. Once authorization is complete, the user's session is associated with a permissions table. Every attempt by this user to access any part of the unified data model is checked for validity, and access is granted or denied as a result of this check.
Active system objects, i.e. objects that have their own lifecycle and interact with other server objects without direct operator control, are always owned by some system user. Such an active object therefore performs all actions using its owner's permissions.
Example: Every scheduled job inherits the permissions of its owner during execution.
Connections to an Iotellect Server through any API (such as SOAP or REST API) are authenticated and authorized just like regular human operator connections.
Permission Levels
Most system resources have an associated permission level. A permission level describes who may access the resource.
Resources having associated permission levels include:
Permission Table
Every user account has a permissions table that defines a user's permission levels for groups of contexts specified by context masks, as well as individual context entities (variables, functions, events, and actions).
Permission Checking Process
See Permission Checking for detailed information on how the server decides whether access to a certain system object should be granted.