Claims-based Authorization

OneList uses claims-based authorisation for access control. Claims are assigned to users via roles.

The user's claims are encoded in a token issued by OneList during the login process. This token is passed to OneList applications for validation. The application compares the claims in the token against its claim requirement to grant or deny the user access to its functionality.

OneList administrators are responsible for assigning roles to users. By default, the "OneList User" role is assigned to all users.

Built-in claims and roles

| Claim Type | Value | Permission | Role Assigned | Description |
| --- | --- | --- | --- | --- |
| app://onelist/administrator | read | Read access to OneList administration functions | OneList Admin | This claim gives view access to OneList administration via the OneList > System Admin menu. |
| app://onelist/administrator | update | Maintain OneList administration functions | OneList Admin | This claim gives full access to OneList administration via the OneList > System Admin menu. |
| app://onelist/approval | | Access OneList tasks | OneList User | User can view and approve their tasks. User can maintain their task delegations. |
| app://onelist/integration | | Execute OneList DataSync APIs | OneList Integration | This claim is for OneList adapters to integrate with OneList APIs. |
| app://iqxbusiness.com/sysadmin | read | Read access to RoleManager | Sys Admin | This claim gives view access to RoleManager. |
| app://iqxbusiness.com/sysadmin | update | Full access to RoleManager | Sys Admin | Maintain users, roles and other settings in RoleManager. |
| app://iqxbusiness.com/comms | | Maintain email templates | Sys Admin, OneList Admin | Maintain email templates. |
| app://iqxbusiness.com/diagnostic | | Access to the diagnostic logs | Sys Admin, OneList Admin | This claim gives access to viewing the Diagnostic logs and setting up error alerts. |
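
The comparison of token claims against an application's claim requirement, applied to the built-in claims and roles listed above. This is an added example, not OneList's own code. It assumes the token's signature and expiry have already been validated, that claims are (type, value) pairs matched exactly, and that a claim with no listed value carries an empty string; the function names are hypothetical.

```python
# Added example: role-to-claim mapping copied from the built-in table above.
# A claim is (type, value); value is "" where the table lists none (assumption).
ROLE_CLAIMS = {
    "OneList Admin": {
        ("app://onelist/administrator", "read"),
        ("app://onelist/administrator", "update"),
        ("app://iqxbusiness.com/comms", ""),
        ("app://iqxbusiness.com/diagnostic", ""),
    },
    "OneList User": {("app://onelist/approval", "")},
    "OneList Integration": {("app://onelist/integration", "")},
    "Sys Admin": {
        ("app://iqxbusiness.com/sysadmin", "read"),
        ("app://iqxbusiness.com/sysadmin", "update"),
        ("app://iqxbusiness.com/comms", ""),
        ("app://iqxbusiness.com/diagnostic", ""),
    },
}
DEFAULT_ROLE = "OneList User"  # assigned to all users by default


def claims_for_roles(roles):
    """Expand a user's roles into the claim set encoded in their token."""
    claims = set()
    for role in {DEFAULT_ROLE, *roles}:
        # Unknown role names contribute no claims (deny by default).
        claims |= ROLE_CLAIMS.get(role, set())
    return claims


def is_authorized(token_claims, required_type, required_value=""):
    """Grant only if the token carries the exact (type, value) the app requires.

    Assumption: values are matched exactly, so "update" does not imply "read";
    the built-in roles in the table carry both values explicitly.
    """
    return (required_type, required_value) in set(token_claims)


def audit_roles(required_type, required_value=""):
    """List the built-in roles that satisfy a requirement (for access reviews)."""
    return sorted(role for role, claims in ROLE_CLAIMS.items()
                  if (required_type, required_value) in claims)
```

`audit_roles` answers the access-review question of which roles reach a given function, for example who can read the diagnostic logs.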