Roles

Principals, roles, and permissions

Diffusion® Cloud uses a role-based security structure.
A role is a set of permissions that allows you (a principal) to perform actions within Diffusion® Cloud.

A principal can be associated with one or more roles, such as ADMINISTRATOR or CLIENT.
When you grant a role to a principal, all the permissions in that role are granted to the principal.
This lets you control the level of permissions granted to each principal.

For example, a back-end administration interface for your app would need a high level of permissions, granting it the ability to read and modify every topic, whereas an end-user web app would need the ability to read topics but not modify them.

Path-based permissions

Some permissions are path-based.
They define what the client can do on a particular topic or request-response path.
This means you can grant permissions in a granular way: a client can be allowed to update some topics, have read-only access to other topics, and be disallowed from accessing others.

For more information, refer to the topic Permissions.
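
The principal, role and path-based permission relationship described above, sketched as an added example (a stand-alone model, not Diffusion® Cloud code or its client API). ADMINISTRATOR and CLIENT are the role names from this page; the permission labels, paths, principals and the resolution rule (most specific path per role, union across roles) are assumptions made for illustration.

```python
# Illustrative model, not Diffusion Cloud code. ADMINISTRATOR and CLIENT are the
# role names from the page; permissions, paths, principals and the resolution
# rule (most specific path per role, union across roles) are assumptions.
READ, UPDATE = "read", "update"

# role -> {path -> permissions granted on that path and everything below it}
ROLE_PATH_PERMISSIONS = {
    "ADMINISTRATOR": {"": {READ, UPDATE}},  # "" is the root: every path
    "CLIENT": {
        "": set(),  # default for CLIENT: no access
        "prices": {READ},  # read-only
        "chat/public": {READ, UPDATE},  # may also update
    },
}

# principal -> roles (constructed sample principals)
PRINCIPAL_ROLES = {"backend-admin": {"ADMINISTRATOR"}, "web-user": {"CLIENT"}}


def _segments(path):
    return [s for s in path.split("/") if s]


def role_permissions(role, path):
    """Permissions one role grants on path; the longest matching rule wins."""
    target = _segments(path)
    best_len, best = -1, set()
    for rule_path, perms in ROLE_PATH_PERMISSIONS.get(role, {}).items():
        rule = _segments(rule_path)
        # Compare whole segments so "prices" never matches "prices-internal".
        if target[: len(rule)] == rule and len(rule) > best_len:
            best_len, best = len(rule), perms
    return set(best)


def effective_permissions(principal, path):
    """Union of what each of the principal's roles grants on path."""
    granted = set()
    for role in PRINCIPAL_ROLES.get(principal, ()):
        granted |= role_permissions(role, path)
    return granted


def is_allowed(principal, permission, path):
    return permission in effective_permissions(principal, path)


if __name__ == "__main__":
    for p in ("prices/fx/eurusd", "prices-internal/margins", "chat/public/room1"):
        print(p, sorted(effective_permissions("web-user", p)))
```

Matching on whole path segments rather than raw string prefixes keeps a grant on `prices` from leaking onto a sibling such as `prices-internal`.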

Managing security

To edit principals, roles, and permissions you can use either of the following methods:

  • The Security tab of the Diffusion® Cloud Console, available when you log in to Diffusion

  • The client API