Claims-based Authorization
OneList uses claims-based authorisation for access control. Claims are assigned to users via roles.
The user's claims are encoded in a token issued by OneList during the login process. This token is passed to OneList applications for validation. The application compares the claims in the token against its claim requirement to grant or deny the user access to its functionality.
OneList administrators are responsible for assigning the roles to users. By default, the "OneList User" role is assigned to all users.
Built-in claims and roles
Claim Type | Value | Permission | Role Assigned | Description |
|---|---|---|---|---|
| app://onelist/administrator | read | Read access to OneList administration functions | OneList Admin | This claim gives view access to OneList administration via the OneList > System Admin menu. |
| app://onelist/administrator | update | Maintain OneList administration functions | OneList Admin | This claim gives full access to OneList administration via the OneList > System Admin menu. |
| app://onelist/approval | Access OneList tasks | OneList User | User can view and approve of their tasks. User can maintain their task delegations. | |
| app://onelist/integration | Execute OneList DataSync APIs | OneList Integration | This claim is for OneList adapters to integrate with OneList APIs. | |
| app://iqxbusiness.com/sysadmin | read | Read access to RoleManager | Sys Admin | This claim gives view access to RoleManager. |
| app://iqxbusiness.com/sysadmin | update | Full access to RoleManager | Sys Admin | Maintain users, roles and other settings in RoleManager. |
| app://iqxbusiness.com/comms | Maintain email templates | Sys Admin OneList Admin | Maintain email templates. | |
| Access to the diagnostic logs | Sys Admin OneList Admin | This claim gives access to viewing the Diagnostic logs and setting up error alerts. |