Roles
Principals, roles, and permissions
Diffusion® works on role-based security structure.
A role is a set of permissions which allows you (a principal) to perform actions within Diffusion®.
A principal can be associated with one or more roles, such as ADMINISTRATOR
or CLIENT
.
Thus, when you grant a role to a principal, all permissions with the role are granted to the principal.
This lets you control the level of permissions granted to each principal.
For example, a back-end administration interface for your app would need a high level of permissions, granting it the ability to read and modify every topic; whereas, an end-user web app would need the ability to read topics, but not modify them.
Path-based permissions
Some permissions are path-based.
They define what the client can do on a particular topic or request-response path.
This means you can grant permissions in a granular way - that is, a client can be allowed to update some topics, but only have read-only access to other topics, and be disallowed from accessing others.
For more information, refer to the topic Permissions.