Versions Compared

Old Version 30

changes.mady.by.user Rasmus Bohl Kristensen

Saved on

compared with

New Version Current

changes.mady.by.user Mathias Søby Jensen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Excerpt

Describes how messages requesting operation on a collection are checked against the permission model.  

...

Components participating in a Bit Repository where RequireOperationAuthorization in RepositorySettings have been set to true is required to authorise any operation prior to performing them. 

To authorise an operation a component must use the certificate used to sign the request and lookup its permissions in RepositorySettings.

  • The operation can be authorised if the signing certificate have a suitable OperationPermission, see the Operation Permission model section for details.
  • If no suitable OperationPermission can be found the component should reject the operation. 
    • In the event that the request is not an IdentifyRequest, i.e. an OperationRequest, the component should also send an Alarm to notify of the unauthorised request. 

...

  • An Operation type. There is one Operation type for each operation type (see Protocol messages), and a catch-all named "All"
  • An optional list of allowed component IDs who are allowed to perform the operationwhere the permission applies i.e. a certificate is allowed to delete a file on PillarA but not on PillarB. If the list is not present it implies that there is no restriction
  • An optional list of collection IDs where the OperationPermission applies. If the list is not present it implies that there is no restriction

...