Permissions Table
Every user account has the permissions table property. This table is used to determine the permission level effective for a given context. This is the permission level with which a user attempts to gain access to that context. If a user's effective permission level includes a resource's permission level, access will be granted.
The permissions table has four columns:
- Context Mask
- Entity Type
- Entity
- Permission Level
In most cases, Entity Type and Entity are set to Any. Such a permissions table record enables a certain permission level for the whole context. However, specifying Entity Type and Entity allows granting permissions for specific Variables, Functions, Events, and Actions, as well as their groups.
When a user tries to access some resource, Iotellect Server uses the permissions table to decide whether access should be granted. See permission checking for details.
The context mask and permission level are similar to the "Security Domain" and "User Role" concepts that are widely used to describe the architecture of many security systems.
The last line of the permissions table must define the permission level for all contexts, i.e. contain the * Context Mask.
Group Member Permissions
The permissions table allows giving an operator access to all members of a context group. To give such permissions, use a context mask consisting of the group context path and the .* suffix, for example:
users.admin.devgroups.my_device_group.*
Such a permissions table record will allow access to all members of the my_device_group group at the permission level specified in the Permissions field.
Allowing access to all group members in the way described above creates a potential security risk! Group contents can be changed by operators or even automatically, exposing newly added members to the user that has permission to access all group members. Grant group member permissions to operators only in case of absolute necessity.
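As an added example (not Iotellect's own code), the following Python sketch audits one user's permissions table against the two rules above: the last row must carry the * context mask, and any group member mask is reported for review. The row layout, the set of known group paths supplied by the auditor, the level names and the device path are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Row:
    context_mask: str
    entity_type: str       # "Any" or a specific type such as "Variable"
    entity: str            # "Any" or a specific entity name
    permission_level: str


def audit_table(rows, group_paths):
    """Return (row_index, code, detail) findings for one user's permissions table.

    group_paths: context paths known to be groups (supplied by the auditor).
    """
    findings = []
    # Rule from the page: the last line must carry the "*" context mask.
    if not rows or rows[-1].context_mask.strip() != "*":
        findings.append((len(rows) - 1, "NO_CATCH_ALL",
                         "last row does not define a level for all contexts"))
    for i, row in enumerate(rows):
        mask = row.context_mask.strip()
        # Group member permissions: <group context path> + ".*"
        if mask.endswith(".*") and mask[:-2] in group_paths:
            whole = row.entity_type == "Any" and row.entity == "Any"
            scope = "whole context" if whole else f"{row.entity_type} {row.entity}"
            findings.append((i, "GROUP_MEMBERS",
                             f"{row.permission_level} on every current and future "
                             f"member of {mask[:-2]} ({scope})"))
    return findings


# Constructed sample data; level names and the device path are placeholders.
GROUPS = {"users.admin.devgroups.my_device_group"}
TABLE = [
    Row("users.admin.devgroups.my_device_group.*", "Any", "Any", "operator"),
    Row("users.admin.devices.sensor1", "Variable", "temperature", "observer"),
    Row("*", "Any", "Any", "none"),
]

if __name__ == "__main__":
    for idx, code, detail in audit_table(TABLE, GROUPS):
        print(f"row {idx}: {code}: {detail}")
```

Each GROUP_MEMBERS finding marks a grant whose reach changes whenever the group's membership changes, so these rows are the ones to re-justify during access reviews.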