OneList uses claims-based authorization authorisation for access control. Relavant claims are grouped in a Role for easy assignment Claims are assigned to users via roles.
When a user logs on to OneList, OneList issues a log on ticket that contains all the claims that are assigned to the user by enumerating the roles of the user. Whenever the user tries to access an OneList URL, the log on ticket is presented to OneList and OneList grants or denies the user access depending on the ticket contains the required claim.
OneList administrator is The user's claims are encoded in a token issued by OneList during the login process. This token is passed to OneList applications for validation. The application compares the claims in the token against its claim requirement to grant or deny the user access to its functionality.
OneList administrators are responsible for assigning the roles to user.Claims, roles and users are managed by the RoleManager application. By default, the "OneList User" role is assigned to all users.
Built-in claims and roles
Claim Type | Value | Permission | Role Assigned | Description |
---|---|---|---|---|
app://onelist/administrator | read | Read access to OneList |
...
administration functions | OneList Admin | This claim gives view access to OneList |
...
administration via the OneList > System Admin menu. | ||
app://onelist/administrator | update | Maintain |
...
OneList administration functions | OneList Admin | This claim gives full access to |
...
OneList administration via the OneList > System Admin menu. | ||||
app://onelist/approval | Access OneList tasks | OneList User | User can view and approve of their tasks |
...
. User can maintain their task delegations. |
app://onelist/integration |
...
Execute OneList DataSync APIs | OneList Integration | This claim is for OneList adapters to integrate with OneList APIs. | ||
app://iqxbusiness.com/sysadmin | read | Read access to RoleManager | Sys Admin | This claim gives view access to RoleManager and diagnostic logs. |
app://iqxbusiness.com/sysadmin | update | Full access to RoleManager | Sys Admin | Maintain users, roles and other settings in RoleManager. |
app://iqxbusiness.com/comms | Maintain email templates | Sys Admin OneList Admin | Maintain email templates. |