In addition to the server's own native security system of user profiles and passwords, the Framework can maintain its own user profiles, their passwords1.
Framework security is activated during the design/development cycle.
User profiles and Groups are maintained by a Framework Administrator.
A Framework Administrator is a user profile flagged as Administrator.
Groups
The Framework allows you to create user groups. A user can be a member of more than one group, or none. Groups are useful in simplifying the maintenance of a subset of users with the same or similar access rights to Framework objects.
Administrators can grant or deny any user or group of users access to multiple Framework objects including the entire Framework. See Maintain Groups.
Authorites
In the Framework security model, the default authority a user has to an object is determined by the authority of the user to the parent object.
Not all Framework objects belong to its Security Model. These are the object types an Administrator can grant or deny access to any user:
|
The Framework |
When denied, the Framework will not load up for the user(s). When allowed, by default all Framework commands and application children will also be, except those which have it denied. |
|
Applications |
When denied an application will be filtered out during framework sign on and not show in the user's framework. When allowed, by default all its Business Objects and command children will also be, except those which have it denied. |
|
Business Objects |
When denied the business object will be filtered out during framework sign on and won't show in the user's application. When allowed, by default all its command children will also be, except those which have it denied |
|
Command Handlers |
When denied the command handler will be filtered out during framework sign on and won't show in the user's Application or Business object. |
The exception to this model are objects that do not adopt parent authority: objects flagged as having restricted access are not accessible to any non-administrator user by default. Framework users must be specifically authorized by the Framework Administrator to use a Restricted Access object.
Note 1: The storage of passwords is provided for backward compatibility purposes only. You should not use this feature in new applications. Instead validate passwords against the platform operating system.