Authorization Basics

Authorizations are crucial for securing your platform, providing control over access to APIs and functionalities across various modules, including Queries, Actions, and Views. By setting up authorization policies, you ensure that only users or groups with the necessary credentials can perform specific tasks, enhancing the security and privacy of your application.

Integration with Other Modules

Authorizations are integrated with key platform modules to manage access and operations:

  • Queries: Authorizations dictate who can execute queries and retrieve data, preventing unauthorized access to sensitive information.

  • Actions: When setting up actions, you can specify who can trigger them, ensuring that only authorized users can perform critical operations.

  • Views: By restricting access to certain data views, you ensure users only see what they are permitted to, based on their roles or permissions.

Types of Authorization Policies

The platform supports a variety of authorization policies, offering flexibility and precision in access control:

  1. Only Anonymous

    • Grants access exclusively to users who are not logged in. Ideal for public-facing functionalities.

  2. Anonymous or Authenticated User

    • Allows both logged-in and anonymous users to access the functionality. Balances broad accessibility with security for authenticated users.

  3. Only Authenticated User

    • Restricts access to logged-in users, ensuring only authenticated users can access sensitive APIs or features.

  4. Demand User Role

    • Grants access based on specific roles assigned within the system. This enables role-based access control (RBAC) to restrict actions to certain roles.

  5. Demand Entity Role

    • Controls access based on roles assigned at the entity level. Users with roles specific to an entity record can interact with that entity, adding granularity to role-based access.

  6. Demand User Permission

    • Restricts access based on user-specific permissions, ensuring only users who hold the required permission can perform certain operations.

  7. Demand Entity Permission

    • Similar to user permissions but applied at the entity record level, allowing access based on entity-specific permissions.

  8. Demand Entity Owner

    • Limits access to the entity owner, ensuring only the owner can manage or modify the entity.

These authorization policies enable precise control over what users can see and do within your application, ensuring that only authorized personnel can access, modify, or execute features based on their roles and permissions.
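To make the difference between user-level and entity-level checks concrete, here is an added sketch that models the eight policies as a single default-deny evaluator. It is illustrative code, not the platform's API: the policy identifiers, the `User` and `Entity` classes, their fields, and the choice to deny anonymous callers on every "Demand" policy are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class User:  # hypothetical model of a logged-in user
    id: str
    roles: set = field(default_factory=set)          # roles held system-wide
    permissions: set = field(default_factory=set)    # permissions held system-wide

@dataclass
class Entity:  # hypothetical model of one entity record
    owner_id: str
    roles: dict = field(default_factory=dict)        # user id -> roles on this record
    permissions: dict = field(default_factory=dict)  # user id -> permissions on this record

def is_allowed(policy, user=None, entity=None, demand=None):
    """Evaluate one policy; user=None means anonymous. Anything unmatched is denied."""
    if policy == "OnlyAnonymous":
        return user is None
    if policy == "AnonymousOrAuthenticated":
        return True
    if user is None:
        return False  # assumption: every remaining policy needs a logged-in user
    if policy == "OnlyAuthenticated":
        return True
    if policy == "DemandUserRole":
        return demand in user.roles
    if policy == "DemandUserPermission":
        return demand in user.permissions
    if entity is None:
        return False  # entity-level policies need a record to check against
    if policy == "DemandEntityRole":
        return demand in entity.roles.get(user.id, set())
    if policy == "DemandEntityPermission":
        return demand in entity.permissions.get(user.id, set())
    if policy == "DemandEntityOwner":
        return entity.owner_id == user.id
    return False  # unknown policy name: deny rather than fall open

# Constructed sample data: alice is a system-wide admin and a reviewer on one record.
alice = User("alice", roles={"admin"})
bob = User("bob", permissions={"invoice.read"})
invoice = Entity(owner_id="bob", roles={"alice": {"reviewer"}})
```

In this model a system-wide role does not satisfy an entity-level demand: alice's `admin` role passes `DemandUserRole` but not `DemandEntityRole` on the invoice, where she holds only `reviewer`.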
