Identity Management System
From Sense/Net 6.0 Wiki
Overview
Every enterprise application needs some solution for managing users and permissions. We call this functionality an IMS (Identity Management System) and UAC (User Access Control).
In Sense/Net 6.0 everything is stored as Content in the Sense/Net Content Repository, including user and group information. Domains, Users, Groups and Organizational Units all appear as Contents in the Repository. This helps users understand and manage the Identity Management System easily, through the intuitive interface of the Content Explorer.
As permissions are assigned to every node in the Repository, the rights to manage users and groups in the IMS can be delegated specifically and effectively to managers, simplifying workflow and lightening the load on your IT department.
Users can be assigned to a number of groups, and a group can be added to another group, even across domain borders. Unlike in Microsoft Active Directory, Organizational Units also behave as groups, with the same capabilities.
Using the built-in ASP.NET Windows authentication model, intranet users can use their Active Directory login for authentication in the portal, allowing for a single Windows login to provide for all identification needs throughout the workday.
Permission management
You can assign users and groups with various rights to any particular content (e.g. a site, list, folder or document) in the Repository. These permissions are inherited from the Content's parent by default, but anyone with the necessary rights can modify them. Using the intuitive interface of the Content Explorer, the user responsible for a particular collection of Content can manage its permissions herself.
Security inheritance
Security inheritance means that nodes in the Repository inherit their permissions from their respective parents. The model is similar to that of the Windows file system, where each file or folder inherits permissions from the folder above it. This simplifies the management of permissions for large groups of users and trees of Content.
User actions
A user can interact with a piece of Content in various ways. In Sense/Net 6.0, permissions can be managed by granting or denying permission for each of these actions. To avoid trivial inconsistencies, like allowing save but denying open, certain actions depend on each other.
- See
- Open
- Open minor
- Save
- Publish
- Force undo checkout
- Add new
- Approve
- Delete
- Restore
- Delete old version
- See permissions
- Set permissions
- Run application
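The following is an added example, not Sense/Net code: a small Python model of the inheritance and dependent-action behaviour described above, which reports the kind of inconsistency the page mentions (Save allowed while Open is denied). The class and function names, the "nearest explicit entry wins" resolution rule, the option to switch inheritance off on a node, and every dependency other than Save requiring Open are assumptions made for illustration.

```python
# Added illustration, not Sense/Net code. The resolution rule and every
# dependency except Save -> Open (the page's example) are assumptions.
REQUIRES = {"Save": {"Open"}, "Open": {"See"}, "Publish": {"Save"}}

class Node:
    def __init__(self, name, parent=None, inherits=True):
        self.name, self.parent, self.inherits = name, parent, inherits
        self.entries = {}  # (identity, action) -> "allow" | "deny"

    def assign(self, identity, action, value):
        self.entries[(identity, action)] = value
        return self

def resolve(node, identity, action):
    """Nearest explicit entry wins; walk up only while inheritance is on."""
    while node is not None:
        value = node.entries.get((identity, action))
        if value is not None:
            return value
        node = node.parent if node.inherits else None
    return "deny"  # nothing granted anywhere on the path

def prerequisites(action, seen=None):
    """Transitive closure of the actions that `action` depends on."""
    seen = set() if seen is None else seen
    for dep in REQUIRES.get(action, ()):
        if dep not in seen:
            seen.add(dep)
            prerequisites(dep, seen)
    return seen

def inconsistencies(node, identity):
    """(action, missing prerequisite) pairs for actions that resolve to allow."""
    found = []
    for action in sorted(REQUIRES):
        if resolve(node, identity, action) != "allow":
            continue
        for dep in sorted(prerequisites(action)):
            if resolve(node, identity, dep) != "allow":
                found.append((action, dep))
    return found

# Constructed sample tree: Root > Docs > Contracts, plus a node that does not inherit.
root = Node("Root")
for act in ("See", "Open", "Save"):
    root.assign("editors", act, "allow")
docs = Node("Docs", parent=root)
contracts = Node("Contracts", parent=docs).assign("editors", "Open", "deny")
isolated = Node("Isolated", parent=root, inherits=False)
```

Running `inconsistencies(contracts, "editors")` flags the node where a local deny on Open conflicts with an inherited allow on Save, which is the case an administrator would want to review after changing permissions on a subtree.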
