• No results found

Cello How-To Guide. Securing Data Access

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Cello How-To Guide. Securing Data Access"

Copied!
9
0
0

Loading.... (view fulltext now)

Download now ( 9 Page )

Full text

(1)
(2)

2

Contents

1 Introduction to User Entity Access Management ... 3

1.1. Sample Model Class for Reference ... 3

1.2. Entity Permission –APIs ... 4

1.3. Consumption ... 7

(3)

3

1

Introduction to User Entity Access Management

To enable users to do their job without exposing data that they do not need to see, CelloSaaS provides a flexible, user entity permission design that allows you to expose different data sets to different sets of users/Roles.

Characteristic of Entity Level Security

To specify the objects that users can access, you can assign permission sets and profiles. To specify the records that users can access

To specify the individual records that users can view and edit, you can set role/User wise access settings.

The Product or Tenant Administrator can set the Permissions and Privileges in three following ways:Open To All Users and Roles (Global Permission)

For Particular UserFor Particular Role

To take advantage of the User Entity Permission Capability for an Object, the object must have followed some code level configurations. They are

Ensure the model (Class) must contain the EntityDescriptor properties such as SchemaTableName, PrimaryKeyName, and DisplayColumnName.

The Entity table must contain the “TenantId” field The Display Column Name should not be Null field.

The Display Column Name must be easily understandable column for ease.

1.1.

Sample Model Class for Reference

[EntityIdentifier(Name = "CaseDetail")] [EntityDescriptor( PrimaryKeyName = "Id", DisplayColumnName = "CaseNumber", SchemaTableName = "dbo.CaseDetail", ExtnSchemaTableName = "CaseDetailExtn", IsExtensible = true,

(4)

4

SchemaTableConnectionStringName = CelloSaaS.Library.DAL.Constants.Applica tionConnectionString)]

public class CaseDetail : BaseEntity

{

public string TenantId { get; set; } public string CustomerId { get; set; } public int CaseNumber { get; set; } public CaseType CaseType { get; set; } public CaseStatus CaseStatus { get; set; }

public CaseSubStatus CaseSubStatus { get; set; } public string CreatedBy { get; set; }

public DateTime CreatedOn { get; set; } public string UpdatedBy { get; set; } public DateTime UpdatedOn { get; set; } public bool Status { get; set; }

}

1.2.

Entity Permission –APIs

Let’s consider a Document Collection as Entity and we have Document1, Document2, and Document3 in a entity. These are all called entity reference. In this we can set permissions like Add, View, Edit, and Delete and other privileges like Search, Publish for the particular user or role.

To Create the User Entity Permission we have to use following services:

The following APIs are used to check the user entity permission for the data by using UserId, EntityId, RefernceId, EntityOperation, and Privileges

Namespace: CelloSaaS.ServiceContracts.AccessControlManagement;

/// To add the User Entity Permission details

string AddUserEntityPermission(UserEntityPermission userEntityPermission);

/// To update the UserEntityPermission details

void UpdateUserEntityPermission(UserEntityPermission userEntityPermission);

/// To delete the UserEntityPermission details by id

void DeleteUserEntityPermission(string id);

(5)

5

void DeletePermissions(string userId, string tenantId, string entityId, string[] referenceIds);

/// To delete the UserEntityPermission details

void DeletePermissions(string userId, string tenantId, string[] entityIds, Dictionary<string,

List<string>> entityReferences);

/// To get all UserEntityPermission details for the tenantId.

Dictionary<string, UserEntityPermission> GetUserEntityPermissionsByTenantId(stri ng tenantId);

/// Get all UserEntityPermission details for the search condition.

Dictionary<string, UserEntityPermission> SearchUserEntityPermissionDetails(UserE ntityPermissionSearchCondition userEntityPermissionSearchCondition);

/// Returns the Permissions mapped against a given reference id for the user and entityDictionary<string, List<string>> GetPermissionsforUserEntity(string userId, string

entityId, string tenantId);

/// Gets the permissions for the given user, tenant and the list of entities

Dictionary<string, Dictionary<string, List<string>>> GetPermissionsforUserEntities(

string userId, string[] entityIds, string tenantId);

/// Gets the permissions for the given user, tenant and the list of entities

Dictionary<string, Dictionary<string, Dictionary<string, List<string>>>>

GetUserPermissionsforEntities(string[] entityIds, string tenantId, Dictionary<string,

List<string>> entityReferences);

/// Gets the Permission Count grouped by user entities for the given

tenantDictionary<string, Dictionary<string, int>> GetUserEntityPermissionsCount(string[] entityIds, string tenantId);

/// To get the UserEntityPermission count

int SearchUserEntityPermissionDetailsCount(UserEntityPermissionSearchCondition u serEntityPermissionSearchCondition);

/// To Save the user entity other privileges.

void SaveUserEntityOtherPrivileges(UserEntityPermission userEntityPermission);

/// To Save the user entity other privileges.

void SaveUserEntityOtherPrivileges(string userEntityPermissionId, string[] privileges);

/// To get ReferenceId by Entity, userId, entityOperation, and privileges

string[] GetReferenceIdByEntity(string userId, string entityId, EntityOperation operation);

(6)

6

/// To get ReferenceId by Entity

Dictionary<string, string[]> GetReferenceIdByEntities(string userId, string[] en tityIds, EntityOperation operation);

/// To get reference Ids.

Dictionary<string, string[]> GetReferenceIdByOperations(string userId, string en tityId, EntityOperation[] operation);

/// To get ReferenceId by Privilege

string[] GetReferenceIdByPrivilege(string userId, string entityId, string privil ege);

///To get the reference id by privileges.

Dictionary<string, string[]> GetReferenceIdByPrivileges(string userId, string en tityId, string[] privileges);

The following APIs are used to check the user entity permission for the data by using UserId, EntityId, RefernceId, EntityOperation, and Privileges

The CheckUserEntityPermissionByOtherPrivilege method is to check the permission with other privilege for the userId, entityId, referenceId, and tenantId. This will return the true/false if the permission has set for the reference.

/// To Check the user entity permission by other permission.

bool CheckUserEntityPermissionByOtherPrivilege(string entityId, string userId, s tring referenceId, string privilege, string tenantId);

The CheckUserEntityPermissionByOtherPrivileges method is to check the permissions with list of other privileges for the userId, entityId, referenceId, and tenantId. This will return the dictionary of true/false value for the privilege.

/// To check the user entity permission by other permission.

Dictionary<string, bool> CheckUserEntityPermissionByOtherPrivileges(string entit yId, string userId, string referenceId, string[] privileges, string tenantId);

(7)

7

The CheckUserEntityPermissionByEntityOperation method is to check the permissions with entity operation for the userId, entityId, referenceId, and tenantId. This will return the true/false if the permission has set for the reference.

bool CheckUserEntityPermissionByEntityOperation(string entityId, string userId,

string referenceId, EntityOperation entityOperation, string tenantId);

///To Check the user entity permission by other permission.

The CheckUserEntityPermissionByEntityOperations method is to check the permissions with array of entity operations for the userId, entityId, referenceId, and tenantId. This will return the dictionary of true/false for the entity operations.

Dictionary<string, bool> CheckUserEntityPermissionByEntityOperations(string enti tyId, string userId, string referenceId, EntityOperation[] entityOperations, str ing tenantId);

1.3.

Consumption

Below are the code snippets that shows how to setup Object Security .

var userEntityPermission = new UserEntityPermission();

UserId, RoleId, EntityId, ReferenceId, Permissions, OtherPrivileges and UpdatedBy, UpdatedOn, and Status properties must be set with values to Add/Update/Delete User Entity Permission.

userEntityPermission.CreatedBy = UserIdentity.UserId;

userEntityPermission.CreatedOn = DateTimeHelper.GetDatabaseDateTime(); userEntityPermission.UpdatedOn = true;

// To Add

UserEntityPermissionProxy.AddUserEntityPermission(userEntityPermission);

userEntityPermission.Id = formCollection["UserEntityPermissionId"].ToString(); userEntityPermission.UpdatedBy = UserIdentity.UserId;

userEntityPermission.UpdatedOn = DateTimeHelper.GetDatabaseDateTime(); userEntityPermission.UpdatedOn = true;

// To Update

(8)

8

// To Search the specific User Entity Permission

UserEntityPermission userEntityPermission = UserEntityPermissionProxy.SearchUserEntityPermissionDetails( new UserEntityPermissionSearchCondition() { UserId = userId, RoleId = roleId, EntityId = entityId, ReferenceId = referenceId,

TenantId = UserIdentity.TenantID, Status = true });

//To get the reference lists for the entity

//Returns Entity’s PrimaryKeyName as Key and DisplayColumnName as Value in a dictionary.

Dictionary<string, string> referenceIds =

DataManagementProxy.GetEntityKeyValuePair(entityId, UserIdentity.TenantID);

//To call the check user entity permission access

If(CelloSaaS.ServiceProxies.AccessControlManagement.UserEntityPermissionProxy.Ch eckUserEntityPermissionByEntityOperation(col.EntityIdentifier, userIdentifier, c ol.Identifier, CelloSaaS.Model.EntityOperation.Update, tenantIdentifier) == true){

//The true condition goes here. }

(9)

9

2

Contact Information

Any problem using this guide (or) using Cello Framework. Please feel free to contact us, we will be happy to assist you in getting started with Cello.

Email: [email protected]

Phone: +1(609)503-7163 Skype: techcello

References

Download now ( PDF - 9 Page - 1.11 MB )

Related documents

KNOWLEDGE MANAGEMENT AND INNOVATIVE DESIGN: STATE OF THE ART

The objective of this article is to make a state of the art on knowledge management and its bond with the innovating designs. After having presented some general information

Andrzej Adamczyk Conditions for the operation and development of enterprises in the period of European integration

Developmental changes of small and medium enterprises in Poland in the face of globalization and integration with the European Union.. The globalization of the economy influences

Customer Services User Manual

It is in the objective of the Utility to serve its customers diligently. Due to diversity of the needs of customers, effective customer handling calls for proper Customer

Best Practices for the Application of Functional Near Infrared Spectroscopy to Operator State Sensing

The second approach demonstrates the practical applicability of fNIRS to real-time cognitive monitoring, and identifies appropriate sensor placement, signal processing and

What we spend and what we get: Public and private provision of crime prevention and criminal justice

In China, private citizens (generally the victim or the victim’s relatives) prosecute less serious crimes, while the state prosecutes more serious offences (Newman, 1999, p. From

A Market for Immigration

The basic provision of a market for immigration would allow individuals who qualified for immigration to the United States under current laws and quotas, and who

Capital Expenditure Plans FY 2013 to FY 2017

Texas A&amp;M University System Subtotal 2,166,170 Institution: Texas A&amp;M University System Health Science Center. Land Acquisition Land Acquisition - Dallas for HPEB

products for Latin America

Ingrid Carlou, CEO of Patria Re told LatAm Insurance Review that the new office will help Patria Re to be nearer the “pulse of the trends and developments” in the global