Role-based access control
SuperMap iServer Web Manager provides a security module that implements access control for the services through user-identity-based authentication and authorization. The administrators, publishers and users of services can all be managed through the security module, and only users who have been granted access can reach the corresponding resources. The Web Manager itself is not affected by whether the security module is enabled: users must always log in before they can access it.
Role-based access control involves the concepts of users, roles and authorization:
User - an individual or program that accesses the service. After a user is created (or registered), the user's information is stored in a user list.
Role - a set of permissions. One role can be associated with multiple users and one user can be associated with multiple roles, so the relationship between users and roles is many-to-many.
Permission - a role's capability to access the services or Service Manager. Permissions correspond to roles. The administrator can grant a role some of the permissions of a single service or of multiple services, but users obtain those permissions only by being associated with an authorized role.
Role-based access control can restrict unauthorized users from accessing the services. For an authorized user to access the services, both user authentication and authorization are necessary.
Authentication - the process of validating user identity. SuperMap iServer provides HTTP Form-based authentication and Token-based authentication.
Authorization - the process of verifying whether the authenticated user has permission to access the requested service.
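The relationship described above, as an added illustration that is not SuperMap iServer code: a minimal Python model in which permissions attach only to roles, users reach them through role membership, and each request passes authentication and then authorization. All user, role, service and token names are constructed for the example.

```python
# Minimal model of the user / role / permission relationship described above.
# Every name here (users, roles, services, tokens) is a constructed sample.

class AccessControl:
    def __init__(self):
        self.user_roles = {}   # user -> set of roles (many-to-many)
        self.role_perms = {}   # role -> set of (service, action) permissions
        self.tokens = {}       # issued token -> user

    def grant(self, role, service, action):
        # Permissions are attached to roles, never directly to users.
        self.role_perms.setdefault(role, set()).add((service, action))

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def unassign(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def authenticate(self, token):
        # Step 1: validate identity. Unknown or missing tokens yield None.
        return self.tokens.get(token)

    def authorize(self, user, service, action):
        # Step 2: the permission must appear in at least one of the user's
        # roles. Unknown users, roles and services fall through to deny.
        return any((service, action) in self.role_perms.get(role, ())
                   for role in self.user_roles.get(user, ()))

    def check(self, token, service, action):
        user = self.authenticate(token)
        return user is not None and self.authorize(user, service, action)


def demo():
    ac = AccessControl()
    ac.grant("viewer", "map-service", "read")
    ac.grant("editor", "data-service", "read")
    ac.grant("editor", "data-service", "write")
    ac.assign("alice", "viewer")   # one user, two roles
    ac.assign("alice", "editor")
    ac.assign("bob", "viewer")     # one role, two users
    # carol holds a valid token but has no role assigned.
    ac.tokens = {"tok-alice": "alice", "tok-bob": "bob", "tok-carol": "carol"}
    return ac
```

A user who authenticates successfully but holds no role, such as carol here, is denied every service, and removing a role from a user withdraws only the permissions that came through that role.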
Specifically, role-based access control includes the following aspects:
By default, the security management module uses the users and roles held in SuperMap iServer's built-in storage to implement security protection. User and role information is stored in a file, and only the SuperMap iServer administrator can access and manage that file. When the built-in stored users and roles are used, users are authenticated through the HTTP Form and Token mechanisms.