Version: 2.75.x.x LTS

Role

A role entity always belongs to a single application and represents the application's coarse-grained authorizations.

When a user passes authentication successfully, the issued security token will contain a list of the user's roles. Every role in the security token will have the character pattern:

<application_name>.<role_name>

The enforcement of the fine-grained authorizations is the responsibility of the applications themselves: they have to interpret the roles contained in the security token.
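One way an application can interpret these roles, shown as an added example that is not nevisIDM code. It assumes the security token has already been verified and its roles extracted into a list of strings, and that matching is case-sensitive; the application name `webshop`, the role names and the permission strings are constructed.

```python
# Added example: the application name, roles and permissions are constructed.
APP_NAME = "webshop"  # hypothetical application name

# Hypothetical mapping from the coarse-grained roles to the application's
# own fine-grained permissions.
ROLE_PERMISSIONS = {
    "customer": {"order:create", "order:read_own"},
    "support": {"order:read_any"},
    "admin": {"order:read_any", "order:cancel_any"},
}


def roles_for_application(token_roles, app_name=APP_NAME):
    """Return the role names in token_roles that belong to app_name.

    The full '<application_name>.' prefix is matched, so 'webshop2.admin'
    or 'webshop-test.admin' never count as roles of 'webshop'.
    """
    prefix = app_name + "."
    own = set()
    for entry in token_roles:
        if not isinstance(entry, str) or not entry.startswith(prefix):
            continue  # role of another application, or malformed entry
        role_name = entry[len(prefix):]
        if role_name:  # ignore 'webshop.' with an empty role name
            own.add(role_name)
    return own


def is_allowed(token_roles, permission, app_name=APP_NAME):
    """Deny by default: allow only if a known role of this app grants it."""
    for role in roles_for_application(token_roles, app_name):
        if permission in ROLE_PERMISSIONS.get(role, set()):
            return True
    return False


# Constructed sample: roles as read from an already verified token.
SAMPLE_ROLES = ["webshop.customer", "webshop2.admin", "hr-portal.manager",
                "webshop.", "admin"]

if __name__ == "__main__":
    print(sorted(roles_for_application(SAMPLE_ROLES)))
    print(is_allowed(SAMPLE_ROLES, "order:create"))
    print(is_allowed(SAMPLE_ROLES, "order:cancel_any"))
```

Roles the application does not know, and roles of other applications, grant nothing, so a new role added in nevisIDM has no effect until the application maps it to permissions.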

Info: nevisIDM roles have additional attributes, the so-called data rooms (see the chapter "Authorization in nevisIDM" for further details). These data rooms represent the fine-grained authorizations of nevisIDM itself and are never used for roles of other applications.

Database table TIDMA_ROLE

| DB attribute | Java data type (max. size), defaults | Description |
| --- | --- | --- |
| application_id | Long, not NULL | The application the role belongs to. Foreign key that links to information in the table TIDMA_APPLICATION. |
| description | String(1000), nullable | |
| dr_appl_initial_global_flag | Boolean, not NULL | Only relevant for nevisIDM roles. The initial global flag for the application data room of the role. |
| dr_appl_modifiable | Boolean, not NULL | Only relevant for nevisIDM roles. Determines if the application data room of this role is modifiable. |
| dr_client_initial_global_flag | Boolean, not NULL | Only relevant for nevisIDM roles. The initial global flag for the client data room of the role. |
| dr_client_modifiable | Boolean, not NULL | Only relevant for nevisIDM roles. Determines whether the client data room of the role is modifiable. |
| dr_erole_initial_global_flag | Boolean, not NULL | Only relevant for nevisIDM roles. The initial global flag for the enterprise role data room of the role. |
| dr_erole_modifiable | Boolean, not NULL | Only relevant for nevisIDM roles. Determines if the enterprise role data room of this role is modifiable. |
| dr_unit_initial_global_flag | Boolean, not NULL | Only relevant for nevisIDM roles. The initial global flag for the unit data room of the role. |
| dr_unit_modifiable | Boolean, not NULL | Only relevant for nevisIDM roles. Determines if the unit data room of the role is modifiable. |
| extid | String(50), not NULL | External identifier |
| name | String(100), not NULL | The role's name. It has to be unique within an application. |
| role_id | Long, not NULL | Primary key (uniquely identifies each individual DB entry) |