9. Security Subsystem

The CUBA platform uses the following methods to control access rights:

  • A role-based system for assigning user permissions. The system administrator can configure the set of roles and permissions during system deployment or later in production.

  • A hierarchical structure of access groups with constraint inheritance.

  • Access control at the following levels:

    • Operations on entities (read, create, update, delete): for example, user Smith can view documents, but cannot create, update or delete them.

    • Entity attributes (modify, read, access denied): user Smith can view all document attributes except for amount.

    • Access to particular entity instances (access control at the row level): user Smith can view the documents that have been created in their department only.

  • LDAP integration, with the ability to implement SSO (Single Sign-On) for Windows users.
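
The access levels and constraint inheritance listed above, sketched as a small Python model. This is an added example, not CUBA code or its API: the class and function names, the deny-by-default attribute rule and the "archived" constraint are assumptions, and the sample documents are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Conceptual model only: none of these names are CUBA classes.
@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    constraints: list = field(default_factory=list)  # predicates (user, row) -> bool

    def effective_constraints(self):
        # Constraint inheritance: a group carries every ancestor's constraints.
        inherited = self.parent.effective_constraints() if self.parent else []
        return inherited + self.constraints

@dataclass
class User:
    login: str
    department: str
    group: Group
    entity_ops: dict   # from the user's roles: entity -> permitted operations
    attr_access: dict  # (entity, attribute) -> "modify" | "read" | "deny"

def can(user, entity, op):
    return op in user.entity_ops.get(entity, set())

def read_rows(user, entity, rows):
    """Check the entity operation, then filter rows, then filter attributes."""
    if not can(user, entity, "read"):
        raise PermissionError(f"{user.login} may not read {entity}")
    constraints = user.group.effective_constraints()
    visible = [r for r in rows if all(c(user, r) for c in constraints)]
    # Assumption of this model: attributes without an explicit grant are denied.
    return [{k: v for k, v in r.items()
             if user.attr_access.get((entity, k), "deny") != "deny"}
            for r in visible]

# Constructed sample data mirroring the "user Smith" examples.
company = Group("Company", constraints=[lambda u, r: not r["archived"]])
dept = Group("Departments", parent=company,
             constraints=[lambda u, r: r["department"] == u.department])
attrs = {("Document", a): "read" for a in ("id", "department", "archived")}
attrs[("Document", "amount")] = "deny"
smith = User("smith", "Sales", dept, {"Document": {"read"}}, attrs)
DOCS = [
    {"id": 1, "department": "Sales", "amount": 100, "archived": False},
    {"id": 2, "department": "Legal", "amount": 250, "archived": False},
    {"id": 3, "department": "Sales", "amount": 75, "archived": True},
]
```

Calling `read_rows(smith, "Document", DOCS)` returns only the Sales document that passes both the inherited and the group's own constraint, with `amount` stripped.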