Roles

Role-Based Access Control

DreamFactory offers granular role-based access control over all services and resources in the system. SQL databases have tables, NoSQL databases have collections of documents, and file storage systems have folders. In a DreamFactory instance, administrators can define roles that govern which of these components are visible to a given user, along with the HTTP verbs, such as GET, POST, PUT, PATCH or DELETE, that are permitted on them. Various combinations of these verbs and service resources can be used to grant or deny access.

Role-based access controls allow information to be hidden from certain roles and from the users or applications assigned to them. For example, individual salespeople might not have access to salary information, while this data might be available to managers. This capability prevents accidental data loss or disclosure of sensitive information.

Record-Level Access Control via Server-Side Filters

Roles can be customized further with server-side filters to implement record-level access control. Each filter takes the form of a "field operator value" expression that must evaluate to true for access to be granted. These record-level access controls can impose constraints on external data sources. For example, you can limit data visibility to only those records that the user created. This feature provides fine-grained security control over data sources.
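
The following sketch is an added illustration, not DreamFactory's own code or API: it models a role as a list of service/component/verb entries with optional "field operator value" filters, denies by default, and applies the filters per record. The class and function names, the `{user.id}` placeholder syntax, and the sample roles and records are all constructed for this example.

```python
import operator
from dataclasses import dataclass

OPS = {"=": operator.eq, "!=": operator.ne, ">": operator.gt, "<": operator.lt}

@dataclass(frozen=True)
class Access:
    service: str
    component: str            # exact path, or a prefix ending in "*"
    verbs: frozenset          # HTTP verbs this entry grants
    filters: tuple = ()       # (field, operator, value) triples; all must be true

def component_matches(pattern, component):
    if pattern.endswith("*"):
        return component.startswith(pattern[:-1])
    return pattern == component

def resolve(value, user):
    # "{user.<attr>}" is a placeholder syntax constructed for this example.
    if isinstance(value, str) and value.startswith("{user.") and value.endswith("}"):
        return user.get(value[6:-1])
    return value

def record_visible(filters, record, user):
    for fld, op, value in filters:
        if fld not in record or op not in OPS:
            return False      # fail closed on an unknown field or operator
        if not OPS[op](record[fld], resolve(value, user)):
            return False
    return True

def authorize(role, user, service, component, verb, records):
    """Return the records this request may see; raise if no entry grants it."""
    for entry in role:
        if (entry.service == service and verb in entry.verbs
                and component_matches(entry.component, component)):
            return [r for r in records if record_visible(entry.filters, r, user)]
    raise PermissionError(f"{verb} {service}/{component} denied")  # default deny

# Constructed sample roles and data.
SALES = [Access("db", "_table/contacts", frozenset({"GET", "POST"}),
                (("created_by_id", "=", "{user.id}"),))]
MANAGER = [Access("db", "_table/*", frozenset({"GET", "POST", "PUT", "PATCH", "DELETE"}))]
CONTACTS = [{"id": 1, "created_by_id": 7}, {"id": 2, "created_by_id": 9}]
SALARIES = [{"id": 1, "amount": 50000}]
```

Because a missing entry raises rather than returning an empty list, a caller can tell "not permitted" apart from "permitted, but no records match the filter".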