Configuring Security with the Authorization Policy Control

All securable components work with the same authorization policy control. Knowing how to use this control is key to setting up security successfully.

Luckily, this process is pretty straightforward. When the authorization policy control is initially loaded, it will not have anything defined.

Anonymous Access

Note

By default an anonymous user is not authorized to access any securable component in the Ometa Framework.

To allow anonymous access to a component, you need to enable the checkbox Allow Anonymous Access.

Allow Anonymous Access

When anonymous access is enabled, a request without identity information will not be challenged for authentication.

Action When Unauthorized

When configuring certain securable components which can have an impact on visualization, an extra option called Action When Unauthorized is shown in the Authorization Policy Control.

Choose what the visual component should do when the requester is not authorized for that component.

Action When Unauthorized

| Configured Option | Description |
| --- | --- |
| None | The user will still see the component when unauthorized, but upon invoking its action, he will get an error stating that he's not allowed to do that. |
| Hide | The user will not be able to see the component when unauthorized. |
| Disable | The user will see a disabled component when unauthorized and will not be able to invoke its action. |

Using a Condition Set from Master Data

If you already have a master data condition set which you want to use, simply tick the checkbox Use condition set from master data and choose the one you'd like to use.

Use Master Data Condition Set

Promoting a Condition Set to Master Data

Once you have configured conditions that you think you will need in other places, it is wise to promote them to master data. To do this, click the Promote to Master Data button, give it a name, and you're good to go. You can now use this new condition set in other securable places.

Promote To Master Data

Default Master Data Condition Sets

By default, the Ometa framework prepares a few standard condition sets:

  • Ometa Administrator: this condition only allows Ometa system administrators. It uses the Administrator option from the Persons & Users window, which is necessary to access the Business Connector. A new access token is required when changing this setting.
  • Ometa Case Management Administrator: this condition allows case management administrators. It uses the Case Management Administrator option from the Persons & Users window. These are administrators that can modify cases or permissions, but can't change Ometa configuration. A new access token is required when changing this setting.
  • Ometa Case User Manager: this condition checks that the current user has permissions to the current case, and that the permission has enabled the Allow User Management checkbox. This setting can be found in the Lifecycle > State Details > Permissions tab. A default can be configured on the Role.

The framework uses these to secure system functionality; as such, they can't be modified. The policies can be found in relation to Memberships, Case Management Dashboard and DCS.System objects.

The policies on the system objects are only set once during an upgrade; subsequent upgrades will not override changes to the security policies. As such, the policies per object or view can be modified by configurators.