Role
A role entity always belongs to a single application and represents the application's coarse-grained authorizations.
When a user passes authentication successfully, the issued security token will contain a list of the user's roles. Every role in the security token is written in the form:
<application_name>.<role_name>
The enforcement of the fine-grained authorizations is the responsibility of the applications themselves: they will have to interpret the roles contained in the security token.
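As an added example (not nevisIDM's own code), the following Python shows how an application could consume the role list from a security token, keep only the entries that belong to its own application name, and then decide a coarse-grained authorization. It assumes the roles arrive as a list of strings in the `<application_name>.<role_name>` form, that the application name contains no dot (so the first dot is the separator), and that the application and role names used here are constructed sample values.

```python
from __future__ import annotations
from dataclasses import dataclass

ROLE_SEPARATOR = "."  # separator in "<application_name>.<role_name>"


@dataclass(frozen=True)
class Role:
    application: str
    name: str


def parse_role(entry: str) -> Role:
    """Parse one '<application_name>.<role_name>' entry from the token.

    Assumption: the application name never contains a dot, so the first
    dot is the separator; the role name itself may contain further dots.
    """
    application, separator, name = entry.partition(ROLE_SEPARATOR)
    if not separator or not application or not name:
        raise ValueError(f"malformed role entry: {entry!r}")
    return Role(application, name)


def roles_for_application(token_roles: list[str], application: str) -> set[str]:
    """Return only the role names granted for the given application.

    Roles of other applications are ignored, so e.g. 'otherapp.admin'
    can never satisfy a check inside this application. Malformed entries
    are skipped rather than being treated as a grant.
    """
    names: set[str] = set()
    for entry in token_roles:
        try:
            role = parse_role(entry)
        except ValueError:
            continue
        if role.application == application:
            names.add(role.name)
    return names


def is_authorized(token_roles: list[str], application: str, required_role: str) -> bool:
    """Coarse-grained check: does the token grant required_role for this application?"""
    return required_role in roles_for_application(token_roles, application)


# Constructed sample: the role list a token might carry for one user.
SAMPLE_TOKEN_ROLES = [
    "webshop.customer",
    "webshop.order.approve",
    "nevisidm.admin",
    "broken-entry",  # no separator: must not become a grant
]
```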
Info: nevisIDM roles have additional attributes, the so-called data rooms (see the chapter "Authorization in nevisIDM" for further details). These data rooms represent the fine-grained authorizations of nevisIDM itself and are never used for roles of other applications.
Database table TIDMA_ROLE
DB attribute | Java data type (max. size), defaults | Description |
---|---|---|
application_id | Long, not NULL | The application the role belongs to. Foreign key that links to information in the table TIDMA_APPLICATION |
description | String(1000), nullable | Optional description of the role. |
dr_appl_initial_global_flag | Boolean, not NULL | Only relevant for nevisIDM roles. The initial global flag for the application data room of the role. |
dr_appl_modifiable | Boolean, not NULL | Only relevant for nevisIDM roles. Determines if the application data room of this role is modifiable. |
dr_client_initial_global_flag | Boolean, not NULL | Only relevant for nevisIDM roles. The initial global flag for the client data room of the role. |
dr_client_modifiable | Boolean, not NULL | Only relevant for nevisIDM roles. Determines whether the client data room of the role is modifiable. |
dr_erole_initial_global_flag | Boolean, not NULL | Only relevant for nevisIDM roles. The initial global flag for the enterprise role data room of the role. |
dr_erole_modifiable | Boolean, not NULL | Only relevant for nevisIDM roles. Determines if the enterprise role data room of this role is modifiable. |
dr_unit_initial_global_flag | Boolean, not NULL | Only relevant for nevisIDM roles. The initial global flag for the unit data room of the role. |
dr_unit_modifiable | Boolean, not NULL | Only relevant for nevisIDM roles. Determines if the unit data room of the role is modifiable. |
extid | String(50), not NULL | External identifier |
name | String(100), not NULL | The role's name. It has to be unique within an application. |
role_id | Long, not NULL | Primary key (uniquely identifies each individual DB entry) |