6. Security Subsystem
The CUBA platform uses the following methods to control access rights:
-
The role-based system for assigning user permissions. A set of roles and permissions can be configured by the system administrator during the system deployment or later in production.
-
A hierarchical structure of access groups with constraint inheritance.
-
Access control at the following levels:
-
Operations on entities (read, create, update, delete): for example, user
Smith
can view documents, but cannot create, update or delete them. -
Entity attributes (modify, read, access denied): user
Smith
can view all document attributes except foramount
. -
Access to particular entity instances (access control at the row level): user
Smith
can view the documents that have been created in their department only.
-
-
Integration with LDAP with an ability to implement SSO (Single Sign-On) for Windows users. For more information on SSO see the IDP addon documentation.