IdentityAccess table
This table stores the access that a subject has over the different resources.
Column | Description | Format | Required |
---|---|---|---|
Id | IdentityAccess identifier | int | Yes |
IdSubject | Identifier of the subject | int | Yes |
SecurityPath | Path of identifiers of the selected element to be authorized. The path follows the Metadata hierarchy model, e.g. 1/10/100 represents the Entity with Id 100 that is associated with the Provider with Id 10 that belongs to the DSU with Id 1 | varchar(25) | |
Filter | JSON structure containing a list of attribute/values pairs used for filtering. The values property is also a list | nvarchar(max) | |
IdDataStorageUnit | Computed value. Identifier of the selected Data Storage Unit to which the access levels will be applied based on the value of the SecurityPath | int | |
IdProvider | Computed value. Identifier of the selected Provider to which the access levels will be applied based on the value of the SecurityPath | int | |
IdEntity | Computed value. Identifier of the selected Entity to which the access levels will be applied based on the value of the SecurityPath | int | |
CanRead | Read permission for the element type (DSU, Entity, Provider). Boolean value; the default is false. | bit | Yes |
CanWrite | Write permission for the element type (DSU, Entity, Provider). Boolean value; the default is false. | bit | Yes |
CanDelete | Delete permission for the element type (DSU, Entity, Provider). Boolean value; the default is false. | bit | Yes |
Filter column
A sample value for the `Filter` column would be:

```json
[
  {
    "attribute": "country",
    "values": ["Ireland", "Spain"]
  },
  {
    "attribute": "department",
    "values": ["marketing", "finances"]
  }
]
```
The previous `Filter` sample means that the subject has access only to those Entities whose Attribute `country` equals `Ireland` or `Spain` and whose Attribute `department` equals `marketing` or `finances`.
The access level can have the following values:
AccessLevel | Definition |
---|---|
None | No access |
Read | Subject can only read |
ReadWrite | Subject can Read, Insert and Update |
ReadWriteDelete | Subject can Read, Insert, Update and Delete |
The authorization is based on `SecurityPath`, which is a path of identifiers separated by `/`. The order of the identifiers in the path follows the Metadata model hierarchy:

For example, the SecurityPath `1/10/100` identifies an Entity with Id `100` which belongs to a Provider with Id `10` that is contained in a DSU with Id `1`.
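
The two checks described above, splitting a `SecurityPath` into the computed DSU/Provider/Entity identifiers and evaluating a `Filter` against an Entity's attributes, as an added Python example (not code from the product this page documents). The function names, the deny-on-malformed-input behaviour and the treatment of an empty Filter as unrestricted are assumptions.

```python
import json
import re

# SecurityPath is varchar(25): one to three numeric ids separated by "/".
_PATH_RE = re.compile(r"[0-9]+(/[0-9]+){0,2}")

def parse_security_path(path):
    """Split a SecurityPath into (IdDataStorageUnit, IdProvider, IdEntity).

    Levels missing from a shorter path come back as None. Malformed input
    raises ValueError so the caller can deny instead of guessing.
    """
    if not isinstance(path, str) or len(path) > 25 or not _PATH_RE.fullmatch(path):
        raise ValueError(f"invalid SecurityPath: {path!r}")
    ids = [int(part) for part in path.split("/")]
    return tuple(ids + [None] * (3 - len(ids)))

def filter_allows(filter_json, entity_attributes):
    """Evaluate a Filter value against one Entity's attributes.

    Every listed attribute must match (AND) and a match is any one of its
    values (OR), as described for the sample Filter. Assumptions: an empty
    Filter column means no restriction, comparison is exact and
    case-sensitive, and anything unparseable denies access.
    """
    if filter_json is None or filter_json.strip() == "":
        return True
    try:
        rules = json.loads(filter_json)
    except ValueError:
        return False
    if not isinstance(rules, list):
        return False
    for rule in rules:
        if not isinstance(rule, dict):
            return False
        attribute, values = rule.get("attribute"), rule.get("values")
        if not isinstance(attribute, str) or not isinstance(values, list):
            return False
        if attribute not in entity_attributes or entity_attributes[attribute] not in values:
            return False
    return True

# Constructed sample data: the Filter from the page and two made-up Entities.
SAMPLE_FILTER = ('[{"attribute": "country", "values": ["Ireland", "Spain"]},'
                 ' {"attribute": "department", "values": ["marketing", "finances"]}]')
ENTITY_OK = {"country": "Spain", "department": "marketing"}
ENTITY_DENIED = {"country": "Spain", "department": "sales"}
```

An Entity that lacks a filtered attribute altogether is denied, and a rule with an empty `values` list matches nothing.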