Permissions and licensing for the IDO Request Interface

Sessions established with the Mongoose UI involve a different model for permissions and licensing than sessions established programmatically using the IDO Request Interface.

For UI sessions, the user account must be granted authorizations, or permissions, for each form the user attempts to run. This is granted at a group or user level in the Groups or Users form. This authorization can also include policy as to which operations are enabled, and even field-level permissions as well. Similarly, the users must be granted at least one license module that contains the form they are trying to run, unless the Usage-Tracking-Only mode of licensing is in effect.

By contrast, for Isessions created through an API, the user account permissions and licensing are checked against the IDOs being accessed, not the forms. So, the user account for the session needs to have been granted permissions to the IDOs for which Load Collection, Update Collection, and Invoke requests are made. Those permissions might further restrict which operations that user account can use for various IDOs, as well as property-level restrictions. Finally, the user account must have been granted at least one license module which includes the IDO being accessed, unless the Usage-Tracking-Only mode of licensing is in effect.

Note: When the REST option is used within the ION API, the user account is drawn from the browser, and single-sign-on occurs. The resulting user account, however, still requires IDO-level permissions and licensing.

For details on configuring permissions and licensing, see the online help for the Users and Groups forms.