Security
Diffusion™ secures your data by requiring client sessions to authenticate and using role-based authorization to define the actions that a client can perform.
Concepts
- Principal
- The principal is a user or system user that has an identity that can be authenticated. When a principal is authenticated, it becomes associated with a session. The default principal that is associated with a session is ANONYMOUS.
- Session
- A session is a set of communications between the Diffusion server and a client.
- Permission
- A permission represents the right to perform an action on the Diffusion server or on data.
- Role
- A role is a named set of permissions and other roles. Principals and sessions can both be assigned roles.
- Role hierarchy
- Roles are hierarchical. A role can include other roles and, by doing so, have the permissions assigned to the included roles. A role cannot include itself, either directly or indirectly – through a number of included roles.
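
The role hierarchy rule above, as an added example that is not Diffusion's own code or API: it expands a role into the permissions it gains from included roles and rejects a role table in which a role includes itself directly or indirectly. The role names, permission names and table layout are constructed for illustration.

```python
# Added illustration, not Diffusion's API; role and permission names are constructed.
from typing import Dict, Optional, Set, Tuple

# role name -> (permissions assigned directly, names of included roles)
RoleTable = Dict[str, Tuple[Set[str], Set[str]]]

class RoleCycleError(ValueError):
    """A role includes itself, directly or through other roles."""


def effective_permissions(roles: RoleTable, role: str) -> Set[str]:
    """Permissions of `role` plus those of every role it includes."""
    resolved: Set[str] = set()
    done: Set[str] = set()

    def visit(name: str, path: Tuple[str, ...]) -> None:
        if name in path:  # back on a role that is still being expanded
            chain = path[path.index(name):] + (name,)
            raise RoleCycleError(" -> ".join(chain))
        if name in done:  # reached twice via different parents: not a cycle
            return
        direct, included = roles[name]  # KeyError for an undefined role
        resolved.update(direct)
        for child in sorted(included):
            visit(child, path + (name,))
        done.add(name)

    visit(role, ())
    return resolved


def find_cycle(roles: RoleTable) -> Optional[str]:
    """Return the first inclusion cycle found as 'A -> B -> A', else None."""
    for name in sorted(roles):
        try:
            effective_permissions(roles, name)
        except RoleCycleError as err:
            return str(err)
    return None

# Constructed sample: OPERATOR reaches VIEWER through both EDITOR and AUDITOR.
ROLES: RoleTable = {
    "VIEWER": ({"read_data"}, set()),
    "EDITOR": ({"update_data"}, {"VIEWER"}),
    "AUDITOR": ({"view_audit"}, {"VIEWER"}),
    "OPERATOR": ({"control_server"}, {"EDITOR", "AUDITOR"}),
}
CYCLIC: RoleTable = {"A": (set(), {"B"}), "B": (set(), {"C"}), "C": (set(), {"A"})}
```

Running `find_cycle` over a role table before it is applied catches an indirect self-inclusion that is easy to miss when reviewing roles one at a time.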