Authorization Levels

There are five levels of authorization in the grid and its applications: Public, Restricted, Private, Session-based and Session-based with role restrictions. The authorization mechanism is in effect regardless of the type of client.

Public

The Public authorization level is for methods and functions that require no authorization. It is not even necessary to be authenticated to the grid to be able to run these functions. It is similar to public web pages on the Internet. This is the default authorization level unless the grid application specifies any other.

Restricted

Methods that are set to the Restricted authorization level only provide access to grid applications, not to users or external clients.

Private

Methods that are set to the Private authorization level only provide access to the grid application that owns the method. No other grid application, users, or external clients may use the methods.

Session-based

This authorization level is for methods that require the caller to be a valid authenticated grid user, but it is not necessary that the user belongs to any specific role or group. Any caller with an active valid grid session (or a caller having authenticated with a certificate) may use the function.

Session-based with Role Restrictions

This authorization level is for methods that require the caller to have a specific role, in addition to being authenticated. Each function specifies the roles that are required to be able to access the function. For information on how to assign users/groups to grid application roles, see Defining role mappings.