OneList uses claims-based authorization for access control. Relavant claims are grouped in a Role for easy assignment to users.
When a user logs on to OneList, he/she is issued a token to access other OneList functionalities. The token contains the Claims from the roles assigned to the user. OneList requires this token to contain the required claim before granting the user access to its functionality.
OneList administrator is responsible for assigning the roles to user. By default, the "OneList User" role is assigned to all users.
Built-in claims and roles
Claim Type | Value | Permission | Role Assigned | Description |
|---|---|---|---|---|
| app://onelist/administrator | read | Read access to OneList configuration settings | OneList Admin | This claim gives view access OneList configuration settings via the OneList > System Admin menu |
| app://onelist/administrator | update | Maintain OneList configuration settings | OneList Admin | This claim gives full access to OneList configuration settings via the OneList > System Admin menu |
| app://onelist/approval | Access OneList tasks | OneList User | User can view and approve tasks, maintain task delegations | |
| app://onelist/integration | Access OneList DataSync APIs | OneList Integration | This claim is for OneList adapters to integrate with OneList APIs | |
| app://iqxbusiness.com/sysadmin | read | Read access to RoleManager | Sys Admin | This claim gives view access to RoleManager and diagnostic logs |
| app://iqxbusiness.com/sysadmin | update | Full access to RoleManager | Sys Admin | Maintain users, roles and other settings in RoleManager |
| app://iqxbusiness.com/comms | Maintain email templates | Sys Admin OneList Admin | Maintain email templates |