Authorization

Authorization in the ImageMaster environment is based on a roles and permissions model, which has been designed with flexibility in mind to allow for a variety of specialized integration scenarios. Beyond optional fine-tuning with the abstract building blocks explained below, basic role customization is always necessary to use the Integration Service effectively. The role administrator may create, update, delete, and list roles.

The administrator has to set up further permission structures using the system management services for role handling (see chapter Role administration). These must meet the specific authorization needs of the customized Integration Service environment. For example, certain permissions, such as “execute” (on at least one Web Service) and “read” (on at least a few of the entities from the document model), always have to be granted via role definitions. Without such basic permissions, the Integration Service does not return any meaningful results other than permission denial messages. The power user role with full authorization rights may be suited for testing purposes, or it may serve as a starting point for defining roles with more restricted access.

In the context of authorization, the REST interface supports the concept of impersonation (see REST headers).