DatumNode Service
New approach in enterprise level development

  Security

One of the most attractive features of DatumNode Service is its fine-grained security model. DatumNode Service has role-based security. Because it is built on the WCF infrastructure, DatumNode Service supports most of the security features of this new Microsoft technology.

Authentication

When a client application connects to DatumNode Service, it must first be authenticated. DatumNode Service relies on the WCF security model and by default uses Windows credentials. Users in two predefined roles, DatumNode Users and DatumNode Administrators, can access the service. These roles are created during installation and can be changed at any time by editing the configuration file. After authentication, every client request is assigned the set of Windows groups it belongs to. Thanks to the flexible architecture of WCF, DatumNode Service can authenticate users not only by Windows users or groups (although in many cases this is considered the preferred way) but also by any custom users or roles. Authentication itself is performed in a separate assembly, which is specified in the configuration file. You can write a custom class that authenticates clients according to its own logic.

Authorization

After successful authentication, every client request is assigned the set of Windows groups (or other identities) it belongs to. Authorization is based on ACLs (access control lists). Every object in DatumNode Service (including parameters and data sources) has its own ACL: a set of security privileges paired with user identities (by default Windows users\groups). The ACL is assigned by the administrator or by another user who has sufficient privileges.

DatumNode Service supports permissions listed below:
  • Browse – is required for viewing object’s names in the DatumNode Explorer
  • Change Permissions – allows users to change object’s permissions
  • Create Subitems – allows creating child items of the current object (for example, creating entities for the project)
  • Delete – allows deleting objects
  • Execute – allows users to execute objects (some objects can’t be executed therefore this permission is not applicable for them)
  • Read Attributes – allows reading object’s attributes
  • Read Permissions – allows users to read object’s permissions
  • Write Attributes – allows users to write object’s attributes.
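
The following added example (not DatumNode's own code or API) models how a per-object ACL with the eight permissions above can be evaluated against the set of identities attached to a request. The type and member names, the sample accounts, and the allow-only, union-of-grants, default-deny semantics are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical model: the eight permissions from the list above as bit flags.
[Flags]
enum Permission
{
    None = 0, Browse = 1, ChangePermissions = 2, CreateSubitems = 4, Delete = 8,
    Execute = 16, ReadAttributes = 32, ReadPermissions = 64, WriteAttributes = 128
}

// One ACL per object: identity (Windows user or group by default) -> granted permissions.
class Acl
{
    // Windows account names compare case-insensitively.
    private readonly Dictionary<string, Permission> entries =
        new Dictionary<string, Permission>(StringComparer.OrdinalIgnoreCase);

    // The initial entry is seeded by the administrator when the object is created.
    public Acl(string owner, Permission granted) { entries[owner] = granted; }

    // Only a caller who already holds Change Permissions may edit the ACL.
    public void Grant(IEnumerable<string> caller, string identity, Permission added)
    {
        if (!IsAllowed(caller, Permission.ChangePermissions))
            throw new UnauthorizedAccessException("Change Permissions required");
        entries[identity] = Effective(new[] { identity }) | added;
    }

    // Assumption: allow-only entries; effective rights are the union over all caller identities.
    public Permission Effective(IEnumerable<string> callerIdentities)
    {
        Permission result = Permission.None;
        foreach (string id in callerIdentities)
            if (entries.TryGetValue(id, out Permission p)) result |= p;
        return result;
    }

    // Default deny: every requested bit must be granted, and an empty request is refused.
    public bool IsAllowed(IEnumerable<string> callerIdentities, Permission needed) =>
        needed != Permission.None && (Effective(callerIdentities) & needed) == needed;
}

static class Demo
{
    static void Main()
    {
        // Constructed sample identities: a user name plus the groups attached to the request.
        var admin = new[] { @"HOST\alice", "DatumNode Administrators" };
        var user = new[] { @"HOST\bob", "datumnode users" };
        var acl = new Acl("DatumNode Administrators", Permission.ChangePermissions | Permission.ReadPermissions);
        acl.Grant(admin, "DatumNode Users", Permission.Browse | Permission.ReadAttributes);
        Console.WriteLine(acl.IsAllowed(user, Permission.ReadAttributes));
        Console.WriteLine(acl.IsAllowed(user, Permission.WriteAttributes));
    }
}
```

In this model a member of DatumNode Users can browse and read attributes but cannot write them or edit the ACL, because nothing is allowed unless an entry for one of the caller's identities grants it.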

      Copyright © 2007 DatumNode. All Rights Reserved.