Claims-based Authorization

OneList uses claims-based authorisation for access control. Claims are assigned to users via roles.

The user's claims are encoded in a token issued by OneList during the login process. This token is passed to OneList applications for validation. The application compares the claims in the token against its claim requirement to grant or deny the user access to its functionality.

OneList administrators are responsible for assigning the roles to users. By default, the "OneList User" role is assigned to all users.

Built-in claims and roles

Claim Type
Value
Permission
Role Assigned 
Description
app://onelist/administratorreadRead access to OneList administration functionsOneList AdminThis claim gives view access to OneList administration via the OneList > System Admin menu.
app://onelist/administratorupdateMaintain OneList administration functionsOneList AdminThis claim gives full access to OneList administration via the OneList > System Admin menu.
app://onelist/approval
Access OneList tasks OneList UserUser can view and approve of their tasks. User can maintain their task delegations.
app://onelist/integration
Execute OneList DataSync APIsOneList IntegrationThis claim is for OneList adapters to integrate with OneList APIs.
app://iqxbusiness.com/sysadminreadRead access to RoleManagerSys AdminThis claim gives view access to RoleManager and diagnostic logs.
app://iqxbusiness.com/sysadminupdateFull access to RoleManagerSys AdminMaintain users, roles and other settings in RoleManager.
app://iqxbusiness.com/comms
Maintain email templates

Sys Admin

OneList Admin

Maintain email templates.


IQX OneList Documentation - 6.40