Authorization framework

Resources that can be authorized usually correspond to a leaf level menu item. As a consequence the menu structure which every user sees depends on their permissions. If the user has at least view permission for a given resource. The required menu section and corresponding leaf level to access the page is displayed. If the user has no permissions for any resource in a menu section, the whole menu section is not displayed.

All leaf level menu items open a main access page from where a user can navigate to sub-pages. The level of access that is given to the user on the sub-pages is the same as the main page.

For example:

The Data Flows page under Connect is a resource. If the user has view level permissions for this resource, the Connect > Data Flows menu is shown to the user.

When the user clicks Data Flows, the main access page of Data Flows the list view of available data flows is displayed. The access control for the data flows details page is implicit. The access level on the details page is the same as the list page.

When the user can navigate to pages of another related resource, ION authorization framework expects that the user have explicit permissions for the destination resource. If not, the access channel to the related resource is either not shown or a Permission Denied error message is displayed. Same behavior is exhibited when importing one resource tries to create another related resource. In this case, the user is expected to have appropriate permissions on the related resource as well.