CDP 4 User Manual

Authorization

The CDP4 WebServices makes use of a role-based permission scheme. Roles and permissions are granted to users for the 2 kinds of TopContainer. If a user has read or read-write access to a kind of Thing in the CDP WebServices, those Things are returned on a GET request or can be created, updated and deleted by means of a POST request. If the user does not have at least read access to a kind of Thing, instances of that type will never be returned in the response of a GET request.

Looking again at the GET request on the Person class: if a Person has not been granted read access to EmailAddress and the following GET request is performed:

http://hostname:port/SiteDirectory/f13de6f8-b03a-46e7-a492-53b2f260f294/person/77791b12-4c2c-4499-93fa-869df3692d22?extend=deep

the EmailAddress instances contained by the Person object would not be returned as part of the resulting JSON array.

SiteDirectory permissions

The Person class has a property called role of type PersonRole. This role determines the permissions a Person (thus a user) has on the SiteDirectory. A PersonRole contains multiple instances of PersonPermission. The PersonPermission class determines for a kind of class in the containment of the SiteDirectory TopContainer whether the user has read, read-write, or no access to that class.

The PersonRoles are contained by the SiteDirectory.
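
The following sketch shows how a PersonRole and its PersonPermission instances decide what a deep GET returns and whether a POST is accepted. It is an added example, not code from the CDP4 WebServices. The classKind and iid field names, the Access level names, denying classes that have no permission entry, requiring read-write for POST, and rejecting a POST as a whole are assumptions.

```python
from enum import IntEnum


class Access(IntEnum):
    """The three levels the manual lists (names are assumed)."""
    NONE = 0
    READ = 1
    READ_WRITE = 2


class PersonRole:
    """Holds one permission per class kind, as PersonPermission does."""

    def __init__(self, permissions):
        self._permissions = dict(permissions)

    def access_for(self, class_kind):
        # Assumption: a class kind without a permission entry gets no access.
        return self._permissions.get(class_kind, Access.NONE)


def filter_get_response(role, things):
    """Return only the Things whose class the role may at least read."""
    return [t for t in things if role.access_for(t["classKind"]) >= Access.READ]


def authorize_post(role, things):
    """Allow a POST only if every Thing in it is of a read-write class.

    Returns (allowed, denied_class_kinds) so a refusal can be logged.
    """
    denied = sorted({t["classKind"] for t in things
                     if role.access_for(t["classKind"]) < Access.READ_WRITE})
    return (not denied, denied)


# Constructed sample data; only the Person iid is taken from the URL above.
DEEP_RESPONSE = [
    {"classKind": "Person", "iid": "77791b12-4c2c-4499-93fa-869df3692d22"},
    {"classKind": "EmailAddress", "iid": "00000000-0000-0000-0000-000000000001"},
    {"classKind": "UnlistedKind", "iid": "00000000-0000-0000-0000-000000000002"},
]
NO_EMAIL_ROLE = PersonRole({"Person": Access.READ_WRITE, "EmailAddress": Access.NONE})
READ_ONLY_ROLE = PersonRole({"Person": Access.READ, "EmailAddress": Access.READ})

if __name__ == "__main__":
    print(filter_get_response(NO_EMAIL_ROLE, DEEP_RESPONSE))
    print(authorize_post(READ_ONLY_ROLE, DEEP_RESPONSE[:1]))
```
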

EngineeringModel permissions

A Person is granted access to an EngineeringModel by means of a Participant class. A Participant references a participantRole which in turn contains multiple instances of ParticipantPermission. The ParticipantPermission class determines for a kind of class in the containment of the EngineeringModel TopContainer whether the user has read, read-write, or no access to that class.

Last modified 11 months ago.
