Authorization
- Karsten Markmann
Authorization refers to the process of verifying what a user has access to. While often used interchangeably with authentication, authorization represents a fundamentally different function.
In authorization, a user or application is granted access to an API after the API determines the extent of the permissions that it should assign. Usually, authorization occurs after identity is successfully validated through authentication so that the API has some idea of what sort of access it should grant. Authorization can be determined through the use of policies and rules, which can be used with role-based access control (RBAC). Regardless of whether RBAC is used, requested access is transmitted to the API via scopes and granted access is returned in the issued Access Tokens.
Configuring authentication in Link
Authentication in Link is configured using permissions, roles, user groups and users, in that order. Each API method requires one or more specific permissions. Permissions are grouped in roles, which are preconfigured. Each user has a user account, either via Active Directory integration or directly in Link. User accounts are associated with any number of user groups, which are configured by the local administrator. A user group is basically a collection of roles. Through this chain, a user is ultimately granted a collection of permissions.
Permissions and roles are already available in Link. The local administrator must create users and user groups as required for them to be authenticated and authorized to call the Link API. See the Link manual for further instructions.
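The chain described above (user, user groups, roles, permissions, API method) can be modeled as follows. This is an added example, not code from Link: every role, group, user, permission and method name is hypothetical, and it assumes a method that lists several permissions requires all of them.

```python
# Added illustration: every name below is hypothetical, not a real Link identifier.

# Roles are preconfigured collections of permissions.
ROLE_PERMISSIONS = {
    "DocumentReader": {"document.read"},
    "DocumentEditor": {"document.read", "document.write"},
    "PartnerAdmin": {"partner.read", "partner.write"},
}
# User groups are collections of roles, set up by the local administrator.
GROUP_ROLES = {
    "Support": {"DocumentReader"},
    "Integration": {"DocumentEditor", "PartnerAdmin"},
}
# User accounts are associated with any number of user groups.
USER_GROUPS = {
    "alice": {"Support"},
    "bob": {"Support", "Integration"},
    "carol": set(),  # account exists but belongs to no group
}
# Each API method requires one or more permissions (assumed: all of them).
METHOD_PERMISSIONS = {
    "GET /documents": {"document.read"},
    "PUT /partners": {"partner.read", "partner.write"},
}

def effective_permissions(user):
    """Union of all permissions reached via the user's groups and their roles."""
    perms = set()
    for group in USER_GROUPS.get(user, set()):
        for role in GROUP_ROLES.get(group, set()):
            perms |= ROLE_PERMISSIONS.get(role, set())
    return perms

def is_authorized(user, method):
    """Allow only if the user holds every permission the method requires."""
    required = METHOD_PERMISSIONS.get(method)
    if not required:  # unknown method or empty requirement: deny by default
        return False
    return required <= effective_permissions(user)

def grant_paths(user, permission):
    """Sorted (group, role) pairs through which the user holds a permission."""
    return sorted(
        (group, role)
        for group in USER_GROUPS.get(user, set())
        for role in GROUP_ROLES.get(group, set())
        if permission in ROLE_PERMISSIONS.get(role, set())
    )
```

`grant_paths` is useful when reviewing group membership: it shows that removing a user from one group may not revoke a permission that another group still grants.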
How to configure user groups in Link: Usergroups
The information on this page is based on Link 2.11