Introduction to Authorization
Authorization is about giving end users, or groups of end users, rights to different kinds of tasks. Whenever a user logs on to the Comflow runtime portal, that individual should only be presented with the work tasks that he or she is authorized to see and work with. The authorization granularity is fine enough that rules can even be set on specific columns that are part of a task.
Key concepts:
User – A single user (individual).
User group – A collection of users that are grouped into one entity.
Task – A work task performed by a user, e.g. an Item Registration task.
Task group – A collection of tasks that are grouped into one entity.
Realm – A global logical entity (context). Authorization rights are defined in the context of a specific realm. For example, one realm might be “Test” while another might be “Prod”.
Key methodology:
In a well-formed authorization system, all users should belong to a user group. First create the desired user groups, then create the users and select which user group(s) each user should be part of. Users that share the same work task(s) typically belong to the same user group.
Users perform tasks. Users often perform several tasks, and that collection of tasks is typically grouped into a task group.
Once the above steps are done, the most effective way to manage user authorization is to associate user groups with task groups. The least effective is to associate single users with single tasks, especially when a great number of end users use the system.
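The methodology above as a small model, added here as an illustration and not Comflow code or its API: grants link a user group to a task group inside one realm, a user with no matching grant sees no tasks, and the model can list users that belong to no group. The class, its method names, and the sample users, groups and tasks (other than the “Test” and “Prod” realms and the Item Registration task) are assumptions made for this example.

```python
from dataclasses import dataclass, field

@dataclass
class AuthModel:
    user_groups: dict = field(default_factory=dict)  # user group -> set of users
    task_groups: dict = field(default_factory=dict)  # task group -> set of tasks
    grants: dict = field(default_factory=dict)       # realm -> {(user group, task group)}

    def grant(self, realm, user_group, task_group):
        """Associate a user group with a task group inside one realm."""
        if user_group not in self.user_groups or task_group not in self.task_groups:
            raise KeyError("grant refers to an unknown group")
        self.grants.setdefault(realm, set()).add((user_group, task_group))

    def tasks_for(self, realm, user):
        """Tasks the user may see in this realm; no matching grant means no tasks."""
        allowed = set()
        for user_group, task_group in self.grants.get(realm, ()):
            if user in self.user_groups[user_group]:
                allowed |= self.task_groups[task_group]
        return allowed

    def is_authorized(self, realm, user, task):
        return task in self.tasks_for(realm, user)

    def direct_pairs(self, realm):
        """The single-user-to-single-task associations the realm's grants replace."""
        return {(u, t)
                for ug, tg in self.grants.get(realm, ())
                for u in self.user_groups[ug]
                for t in self.task_groups[tg]}

    def ungrouped(self, users):
        """Users that belong to no user group (to be fixed before granting)."""
        grouped = set().union(*self.user_groups.values())
        return set(users) - grouped

def build_sample():
    """Constructed sample data; all user, group and task names here are made up."""
    m = AuthModel()
    m.user_groups = {"Warehouse": {"anna", "bo"}, "Purchasing": {"cy"}}
    m.task_groups = {"Inbound": {"Item Registration", "Goods Receipt"},
                     "Ordering": {"Purchase Order"}}
    m.grant("Test", "Warehouse", "Inbound")
    m.grant("Test", "Purchasing", "Ordering")
    m.grant("Prod", "Warehouse", "Inbound")
    return m
```

In the sample, two group-level grants in the “Test” realm stand in for five user-to-task associations, and the gap widens as groups grow.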