Security in ONEWEB controls access to applications through the inter-related mechanisms of authentication and authorization. Once a user is authenticated, ONEWEB uses authorization and access control methods to protect and secure resources. Resources are made available to users based on roles that have the right permissions. ONEWEB supports LDAP authentication as well as authentication against its own local repository.
According to the Access Control model in ONEWEB, users are assigned roles and roles have permissions to access objects. This defines what a user and a role can and cannot do.
To create a user, go to IAM in the Setting section of ONEWEB. Then go to the Admin menu section within IAM. (Note: To see the Admin menu you need to have Admin privileges.)
1. Go to User Profile under the Admin menu.
2. Click the Create New User button.
3. Complete the user information such as Username, First name, Last name, password, etc., and attach a photo. Select "Local Repository" as the Repository option to store the username and password in the ONEWEB built-in repository. If you use an external repository like LDAP, you can configure the LDAP connection and select LDAP Repository instead. When completed, click Save Change to create the user.
You can see the new user on the User Profile screen.
IAM (Identity Access Management) is the Authentication and Access Control module of ONEWEB. It is used to create and manage users, manage roles and permissions, and the different objects in a system.
IAM2 comes with a web application module for easy setup of objects, roles, and permissions. Alternatively, admin users can set up roles and permissions using the IAM2 Web Service API. IAM2 can be configured to work with an existing LDAP if the organization already has one configured.
The Access Control model in ONEWEB is based on Roles, Permissions, and Objects. You can control the rights of users using this model.
The Role is a job function that defines an authority level and can be used to assign the level of permissions on each object. You can easily define a role and assign it to many users who have the same permissions.
A Permission is approval of the mode of access to an object or a group of objects. You can group objects with similar usage together under a single permission so that it is easy to manage and can be assigned to many roles and users.
The Object is a thing that needs to be access-controlled and protected. The object can be anything you need to control permission on, such as a button, textbox, menu, page, file, etc.
The things to keep in mind are: A user can have many roles. A role can be assigned to multiple users. One role can have multiple permissions and many objects. One permission can be assigned to multiple roles. One permission can have many objects.
To manage the Roles, Permissions, and Objects of a user, follow the steps below.
1. Go to User Profile under the Admin menu.
2. Click the expand button on the user whose role/permission/object you want to add or remove.
To add a role
1. Click Add Roles on the user you want to add roles to.
2. Select the roles you want to add; they will appear on the right side. Then click Confirm Add Roles to add the roles to the user.
3. The roles you selected will be added to the user.
To delete a role
1. Select the Role you want to remove from the user. Then click Remove Roles.
2. A Delete Confirmation button will appear. If you want to remove the Role from the user, click the Delete UserRoles button. If not, you can click Undo to cancel removing the role.
To add a Permission/Object
1. You can add a specific permission or object that does not belong to any of the user's roles directly to the user. Click the Add Permission/Object button.
2. The Object/Permission popup will appear. You can choose a Permission and an Object from this popup.
3. To add a Permission/Object, browse or search for the permission you want to add to the user from the system where you have permission. The Permission/Object you select will be displayed on the right side. Once you are done, click Confirm Add Object/Permission to add the Permission/Object to the user.
The Permission/Object you selected will be added to the user.
To delete a Permission/Object
1. Select the Permission/Object you want to remove from the user and click Remove Permission/Object.
2. A Delete Confirmation button will appear. If you want to remove the Permission/Object from the user, click the Delete Object/Permission button. If not, you can click Undo to cancel removing the Object/Permission.
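The relationships in the access control model above, together with the per-user Permission/Object additions, can be modelled to review which objects a user actually reaches and which grants sit outside any role. This is an added example, not ONEWEB or IAM2 code. All names and data are constructed, and parent roles and parent permissions are left out because the page does not describe how they affect access.

```python
from collections import defaultdict

# Constructed sample data; every user, role, permission and object name is hypothetical.
USER_ROLES = {"alice": {"clerk", "approver"}, "bob": {"clerk"}}
ROLE_PERMISSIONS = {"clerk": {"view_orders"}, "approver": {"approve_orders"}}
ROLE_OBJECTS = {"clerk": {"menu.orders"}}  # objects attached to a role directly
PERMISSION_OBJECTS = {
    "view_orders": {"page.order_list", "button.search"},
    "approve_orders": {"button.approve"},
    "export_data": {"button.export", "file.order_csv"},
}
USER_PERMISSIONS = {"bob": {"export_data"}}  # per-user addition outside any role
USER_OBJECTS = {"bob": {"button.search"}}    # per-user addition a role already covers


def effective_access(user):
    """Map each object the user can reach to the set of paths that grant it."""
    paths = defaultdict(set)
    for role in USER_ROLES.get(user, ()):
        for obj in ROLE_OBJECTS.get(role, ()):
            paths[obj].add(f"role:{role}")
        for perm in ROLE_PERMISSIONS.get(role, ()):
            for obj in PERMISSION_OBJECTS.get(perm, ()):
                paths[obj].add(f"role:{role}>permission:{perm}")
    for perm in USER_PERMISSIONS.get(user, ()):
        for obj in PERMISSION_OBJECTS.get(perm, ()):
            paths[obj].add(f"user>permission:{perm}")
    for obj in USER_OBJECTS.get(user, ()):
        paths[obj].add("user")
    return dict(paths)


def outside_role_grants(user):
    """Objects reached only through per-user additions, never through a role."""
    access = effective_access(user)
    return sorted(obj for obj, via in access.items()
                  if not any(p.startswith("role:") for p in via))


def redundant_direct_grants(user):
    """Per-user additions that a role already covers and could be removed."""
    access = effective_access(user)
    return sorted(obj for obj, via in access.items()
                  if any(p.startswith("user") for p in via)
                  and any(p.startswith("role:") for p in via))


if __name__ == "__main__":
    for name in sorted(USER_ROLES):
        print(name, outside_role_grants(name), redundant_direct_grants(name))
```

Grants listed by `outside_role_grants` are the ones a role-based review would miss, since removing the user from every role leaves them in place.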
To create a Role
Open IAM as an admin user.
1. Go to Role under the Admin menu.
2. Click the Create New Role button.
3. To create the Role:
Select the System you want to add the Role to.
Select a Parent Role if you want to create this role under another role.
Input the Role Name.
Input the Role Description.
Then click Save Role.
4. The new Role will appear under the System and Parent Role you selected.
To add a user to a Role
1. Go to Role under the Admin menu. Then click on the role you want to add the user to.
2. On the right side, the system will display the list of current users in that role. Click Add Users.
3. The "Add Users To Role" popup will be displayed. Search for and select the user you want to add. Then click Confirm Users To Roles.
To add a Permission to a Role
1. Select the Role you want to add the Permission to.
2. Click on the Permission tab on the right side panel.
3. Click Add Permissions / Objects to add a permission or object.
4. Search for and select the Permission or Object you want to add. Then click Confirm Add Object/Permission.
To manage Permissions and Objects, follow the steps below.
Open IAM as an admin user.
1. Go to the Permission menu under the Admin menu.
2. The screen has two sides: the left side is Permission control and the right side is Object control. You can create a new permission or a new object with the corresponding New button.
To create a new Permission
1. Click the New Permission button. The New Permission popup will appear.
2. Select the system for the permission you want to create.
3. Select the parent permission to place the new permission under an existing one, or leave it blank to make the new permission a top-level permission.
4. Give the permission a name. Click Save Permission to create the new Permission.
5. Go to the Permission tree menu; you will find the new Permission under the system you chose.
To create an Object
1. Click the New Object button. The New Object popup will appear.
2. Select the system for the object you want to create.
3. Give information about the new Object:
Object Id - The system will automatically generate the object id
Object Ref Id - An id provided by the client system to reference this object
Object Name - Name of this object
Object Type - Type of this object
Object Property - Allows you to set any custom value for this object; it is returned to the client system when it gets the permission
Access Type - Access Type of this object
Then click Save Object to create the new Object.
4. Go to the Object tree menu; you will find the new Object under the system you chose.