Security

Every organization has its own separate security configuration, built from users, user roles and access rights.

Users

There are two types of users in the system: standard users and administrators (admins). When a new organization is created, the first admin user is automatically created along with it (the admin username and password are among the parameters required when a new organization is added).

Logging in via a Google, Facebook, Twitter or LinkedIn account

(This feature is in development)

Roles

Users can be grouped using roles. A single role can contain zero or more users, and a user can belong to zero or more roles. This makes access rights easier to maintain: the access rights can be defined once at the role level, and users can then be added to roles as needed.

Secrets

When accessing the server via the API (for example, to upload a report), users are identified by a "secret". It is the application that calls the server via the API, and we do not want the application to store the user's username and password. That is why the application stores the secret instead; if the secret is compromised, it can be deleted and regenerated.

When the organization is successfully created via the API, the admin user's secret is returned. The application needs to store this secret to use it later when uploading reports, adding other users, roles, setting security, etc. Please refer to the sample code RICDemo2.prg (https://bitbucket.org/eqeuscom/ricsamples/src/master/RICAPIClientVFP/ricdemo2.PRG) to see how the secret is returned and used.

Access rights

Access rights can be defined either on a folder level or a report level and you can define rights for individual users or roles (user groups). You can set access rights either manually, in the application, or via the API.
Setting access rights manually

If you log in as an admin user and open the properties panel of a folder or a report, you will see two dropdowns (one for roles, one for users) where you can control the access rights.

Setting up access rights via the API

  • Folder level - AddFolderRights(tcFolderPath, tcUsersList, tcRolesList). tcFolderPath is the path to the folder, tcUsersList is a comma-delimited list of users, tcRolesList is a comma-delimited list of roles.
  • Report level - AddReportRights(tcReportPath, tcUsersList, tcRolesList). tcReportPath is the path to the report, tcUsersList is a comma-delimited list of users, tcRolesList is a comma-delimited list of roles.

You can see how these two methods are called in the sample code RICDemo2.prg (https://bitbucket.org/eqeuscom/ricsamples/src/master/RICAPIClientVFP/ricdemo2.PRG).
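The following is an added example, not code from the product or from the RICDemo2.prg sample. It models in Python the scheme described on this page: an organization with users, roles that group users, and rights granted on folders or reports to comma-delimited lists of users and roles (mirroring the AddFolderRights and AddReportRights signatures above). Two things are assumptions of the example rather than facts from the page: that a grant on a folder covers the reports inside it, and that a grant naming an unknown user or role is rejected. The organization name, user names, role name and paths are constructed sample data.

```python
"""Constructed model of the users / roles / access-rights scheme on this page.
Added example, not the product's own code; the real service keeps this state
server-side and is driven through the API methods the page names."""

from dataclasses import dataclass, field


def parse_list(csv):
    """Split a comma-delimited list such as 'alice, bob' into a set of names,
    ignoring surrounding whitespace and empty entries (so '' means 'nobody')."""
    return {name.strip() for name in csv.split(",") if name.strip()}


@dataclass
class Organization:
    name: str
    users: set = field(default_factory=set)
    roles: dict = field(default_factory=dict)          # role -> set of usernames
    folder_rights: dict = field(default_factory=dict)  # folder path -> (users, roles)
    report_rights: dict = field(default_factory=dict)  # report path -> (users, roles)

    def add_user(self, username):
        self.users.add(username)

    def add_role(self, role, users_csv=""):
        """A role holds zero or more users; a user may be in any number of roles."""
        members = parse_list(users_csv)
        self._require_known(members, self.users, "user")
        self.roles.setdefault(role, set()).update(members)

    def _require_known(self, names, known, kind):
        # Assumption of this example: a grant naming an unknown user or role is
        # an error, so a typo cannot silently produce a grant that applies to nobody.
        unknown = names - known
        if unknown:
            raise ValueError(f"unknown {kind}(s): {sorted(unknown)}")

    def _grant(self, table, path, users_csv, roles_csv):
        users, roles = parse_list(users_csv), parse_list(roles_csv)
        self._require_known(users, self.users, "user")
        self._require_known(roles, set(self.roles), "role")
        prev_users, prev_roles = table.get(path, (set(), set()))
        table[path] = (prev_users | users, prev_roles | roles)

    def add_folder_rights(self, folder_path, users_csv, roles_csv):
        """Mirrors AddFolderRights(tcFolderPath, tcUsersList, tcRolesList)."""
        self._grant(self.folder_rights, folder_path.rstrip("/"), users_csv, roles_csv)

    def add_report_rights(self, report_path, users_csv, roles_csv):
        """Mirrors AddReportRights(tcReportPath, tcUsersList, tcRolesList)."""
        self._grant(self.report_rights, report_path, users_csv, roles_csv)

    def roles_of(self, username):
        return {role for role, members in self.roles.items() if username in members}

    def can_access(self, username, report_path):
        """True if the user is granted the report directly, through one of their
        roles, or (assumption: a folder grant covers the reports inside that
        folder) through a grant on an enclosing folder. Unknown users get nothing."""
        if username not in self.users:
            return False
        user_roles = self.roles_of(username)
        grants = [self.report_rights.get(report_path, (set(), set()))]
        for folder, grant in self.folder_rights.items():
            if report_path.startswith(folder + "/"):
                grants.append(grant)
        return any(username in users or user_roles & roles for users, roles in grants)


def demo():
    """Constructed sample organization: two analysts share a folder grant via a
    role, one user gets a single report directly."""
    org = Organization("acme")
    for user in ("alice", "bob", "carol"):
        org.add_user(user)
    org.add_role("Analysts", "alice, bob")
    org.add_folder_rights("/Sales/", "", "Analysts")
    org.add_report_rights("/HR/Payroll", "carol", "")
    return org


if __name__ == "__main__":
    org = demo()
    for user in ("alice", "bob", "carol"):
        for report in ("/Sales/Q1", "/HR/Payroll"):
            print(f"{user:6} {report:12} {org.can_access(user, report)}")
```

The check resolves a user's roles first and then unions the direct and role grants, which is exactly why the page recommends defining rights at the role level once: adding a user to "Analysts" grants every folder the role already has without touching any folder.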