Updating the security store
A client can use the SecurityControl feature to update the security store. The information in the security store is used by Diffusion™ Cloud to define the permissions assigned to roles and the roles assigned to anonymous sessions and named sessions.
Querying the store
Required permissions:
The client can get a snapshot of the current information in the security store. This information is returned as an object model.
Updating the store
Required permissions:
The client can use a command script to update the security store. The command script is a string that contains a command on each line. These commands are applied to the current state of the security store.
The update is transactional. Unless all of the commands in the script can be applied, none of them are.
As of Diffusion Cloud 6.5, updates to permission assignments are applied immediately to all sessions. There is no need to reauthenticate a session or reassign a role.
Using a script builder
- Set the global permissions assigned to a named role
- Set the default path permissions assigned to a named role
- Set the path permissions associated with a specific path assigned to
a named role
This can include explicitly setting a role to have no permissions at a path.
- Remove the path permissions associated with a specific path assigned to a named role
- Set the roles included in a named role
- Set the roles assigned to sessions authenticated with a named principal
- Set the roles assigned to anonymous sessions