
Access Rights structure in Bliksund EWA

EWA does not have an internal user database for authentication and authorization, and it should never have one, because that would put the burden of user administration on our system. User authentication should be done through a federated login service that gives our system all the information it needs about the user for the session.

EWA uses a role-based access control (RBAC) scheme: it reads the roles the user has in the current session and maps them to a list of access rights for that session.
For more information about how we map roles to access rights, see the Migration and Seeding tool documentation.

Types of access rights in EWA

Some access rights in EWA give the user access to a specific page or set of pages, with all the functionality contained within. Others give the user access to retrieve a subset of data or to perform certain actions on a subset of data.

We have normally used a prefix such as "Organization" or "Department" for access rights that give the user access to do something with a subset of data. To make things easier for ourselves during testing and maintenance of the system, these access rights usually have a version with the prefix "All", which can be used to perform the action on all the data of that specific type in the system.
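
The sketch below is an added illustration of the scheme described above, not code from EWA: session roles are mapped to access rights, and a scoped right is checked against the data it is meant to cover. Every role name, right name, field and function in it is hypothetical, and it assumes the federated login supplies the user's organization and department for the session.

```python
# Added illustration; all role, right and field names are hypothetical.
from dataclasses import dataclass

# Constructed role -> access-right mapping. EWA's real mapping is defined
# through its Migration and Seeding tool and is not shown on this page.
ROLE_RIGHTS = {
    "Paramedic": {"DepartmentReadRecords"},
    "OrgAdmin": {"OrganizationReadRecords", "OrganizationEditRecords"},
    "Support": {"AllReadRecords"},
}


@dataclass(frozen=True)
class Session:
    """What the federated login is assumed to hand over for one session."""
    roles: tuple
    organization: str
    department: str


@dataclass(frozen=True)
class Record:
    organization: str
    department: str


def session_rights(session):
    """Union of the rights of the session's roles; unknown roles grant nothing."""
    rights = set()
    for role in session.roles:
        rights |= ROLE_RIGHTS.get(role, set())
    return rights


def can(session, action, record):
    """True if a scoped variant of `action` covers `record`; deny by default."""
    rights = session_rights(session)
    if "All" + action in rights:
        return True
    same_org = session.organization == record.organization
    if "Organization" + action in rights and same_org:
        return True
    # Assumption: a department right only counts inside the user's own
    # organization, so equal department names elsewhere do not match.
    same_dept = same_org and session.department == record.department
    return "Department" + action in rights and same_dept
```

Because an "All" right bypasses the organization and department comparison entirely, role mappings that grant one deserve the closest review.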