The main CUBA security subsystem components are shown in the diagram below.

Below is an overview of these components.

Security management screens – screens available to system administrator for configuring user access rights.

Login screen − system login window. This window provides user authentication by username and password. The database stores password hashes for security.

The UserSession object is created upon login. This is the central security element associated with the currently authenticated user and containing information on data access rights.

The user login process is described in the Login section.

Roles − user roles. A role is an object which defines a set of permission. A user can have multiple roles.

Access Groups − user access groups. The groups have a hierarchical structure, with each element defining a set of constraints, allowing to control access to individual entity instances (at table row level).