GEN Security Classes

Described below are the delivered security classes that are strictly for the GEN product line.

ActorAdminAccess_ST Security Class

Grants unconditional access to the following objects in the GEN product line, needed to manage users:

  • person module

  • security module

  • Actor business class

  • Identity business class

  • PrivilegedIdentity business class

  • IdentityActor business class

ActorInquiryAccess_ST Security Class

Grants unconditional inquiry access to the following objects in the GEN product line, needed to inquire on users:

  • Actor business class

  • All fields within the Actor business class, except for the Actor and PersonName field, are unconditionally not accessible for all actions

AllGenAccess_ST Security Class

Grants unconditional access to the following objects in the GEN product line:

  • la module

  • person module

  • repository module

  • security module

  • BusinessClass Type

  • BusinessTask Type

  • JobQueueService executable

  • lsuserapp web application

  • UserManagement web application

  • SecuritySystemManagement web application

  • SecurityAuthorManagement web application

  • ProxyManagement web application

  • AdminProxyDefinition menu item in the ProxyManagementMenu menu

Denies access for all actions to the following:

  • ProxyDefinition menu item in the ProxyManagementMenu menu

AuthorAdminAccess_ST Security Class

Grants unconditional access to the following objects in the GEN product line, needed to manage authorization:

  • security module

  • Role business class

  • RoleSecurityClass business class

  • ActorRole business class

  • Security business class

  • SecurityCacheTimestamps business class

LsuserappAccess_ST Security Class

Provides access to the lsuserapp application.

Grants unconditional access to the following objects:

  • security module

  • lsuserapp web application

ServiceAdminAccess_ST Security Class

Provides access to manage services and related objects.

Grants unconditional access to the following objects in the GEN product line:

  • security module

  • HEPGroupHTTPEndpoint business class

  • HTTPEndpoint business class

  • HTTPEndpointGroup business class

  • LoginScheme business class

  • Service business class

  • ServiceHTTPEndpoint business class

  • ServiceProperty business class

UserAdminAllAccess_ST Security Class

Provides access for administrators to manage users.

Grants unconditional access to the following objects in the GEN product line:

  • la module

  • person module

  • repository module

  • security module

  • lsuserapp web application

  • UserManagement web application

  • Actor business class

  • ActorRole business class

  • ActorContext business class

  • Agent business class

  • ContextProperty business class

  • Identity business class

  • IdentityActor business class

  • ParentAgent business class

  • PrivilegedIdentity business class

  • Role business class

  • RoleSecurityClass business class

  • SecurityAnswer business class

  • MessageProcessor business task

  • SecurityProcessor business task

  • JobQueueService executable

Grants inquiry only access to the following objects in the data area:

  • DataArea business class

  • KeyField business class

  • ProductLine business class

  • SecurityClass business class

  • SecurityQuestion business class

  • Service business class

  • SSODomain business class

Grants create and update access for the following objects in the data area:

  • Security business class

  • SecurityCacheTimestamps business class

UserAdminForDataAreaAccess_ST Security Class

Provides access for user administrators to user information.

Grants unconditional access to the following objects in the GEN product line:

  • person module

  • repository module

  • security module

  • Actor business class

  • ActorRole business class

  • Identity business class

  • IdentityActor business class

Grants inquiry only access to the following objects in the data area:

  • Country business class

  • DataArea business class

  • i18n module

  • IsoCountry business class

  • IsoLanguage business class

  • Service business class

  • StateProvince business class

Grants create and update access for the following objects in the data area:

  • Security business class

  • SecurityCacheTimestamps business class

Grants all access unless the role is HelpDeskAnalyst, SecurityAdministrator, or JobQueueServer:

  • Role key field

Grants all access unless the security class is UserAdminForDataAreaAccess:

  • SecurityClass key field

UserAdminInquireAccess_ST Security Class

Provides access for user administrators who only need inquire access on user data.

Grants unconditional access to the following objects in the GEN product line:

  • la module

  • person module

  • repository module

  • security module

  • lsuserapps web application

  • UserManagement web application

  • MessageProcessor business task

  • SecurityProcessor business task

  • JobQueueService executable

Grants inquiry only access to the following objects in the data area:

  • Actor business class

  • ActorContext business class

  • ActorRole business class

  • Agent business class

  • ContextProperty business class

  • DataArea business class

  • Identity business class

  • IdentityActor business class

  • KeyField business class

  • ParentAgent business class

  • PrivilegedIdentity business class

  • ProductLine business class

  • Role business class

  • RoleSecurityclass business class

  • SecurityAnswer business class

  • SecurityClass business class

  • SecurityQuestion business class

  • Service business class

  • SSODomain business class

Grants create and update access for the following objects in the data area:

  • Security business class

  • SecurityCacheTimestamps business class