Administrators of Fiorano can define user permissions on Applications to control unauthorized access to sensitive information.
Application level security is very important for the Fiorano product as this security classification defines which user holds action permissions on the flows. It also helps secure messages flowing between various business components by encrypting those messages at port or route-level depending on customer requirements.
List of Application level Access Control Permissions
The Access Control permissions that a user can grant for a particular application are as below:
- Permission to Compose an Application
This permission controls whether a user is allowed to COMPOSE/UPDATE/DELETE an Application from Server's repository or not.
- Permission to Kill an Application
This permission controls whether a user is allowed to STOP/KILL the Application or not.
- Permission to Launch an Application
This permission controls whether a user is allowed to LAUNCH/SYNCHRONIZE the Application or not.
- PermissiontoChangePropertiesofanApplication
This permission controls whether a user is allowed to change the following properties of a running Application or not:- Logging properties of a service instance
- Document Tracking property at ports of service instances
- Route Transformation at routes connecting service instances
- Permission to View Running and Saved Application
This permission controls whether a user is allowed to VIEW the application from server's repository or not. If a user tries to view an application for which he does not have permission, then no information will be presented to the user.
- Permission to Remotely Administrate an Application
This permission controls the set of users who can use service instances from this Application as a remote service instance in their own Application. By default, all users are allowed to access the service instances of all Applications remotely.
How to change Permissions
Application Level Permissions can be viewed and modified by navigating to *Security?Application* Permissions component of ESB Dashboard. Selecting a Principal and Application name in this view would display the set of positive and negative permissions assigned to that principal for the selected Application (see Figure1 below). The figure shows that user ADMIN has 3 positive and 3 negative permissions for Application named EVENT_PROCESS1.
Figure 1: Application Permissions
The set of positive and negative permissions can be modified by clicking the Edit Permissions button. For example, to change the type of a few negative permissions shown in the figure above to positive permissions, select the desired negative permissions from the set of Available Permissions; choose GRANT option and hit Modify button (see Figure2 below). The selected principal would then be granted permission to perform the actions represented by those permissions.
Figure 2: Edit Application Permissions