Permissions and licensing for the IDO request interface

Sessions established with the Mongoose user interface involve a different model for permissions and licensing than sessions established programmatically using the IDO request interface.

For UI sessions, the user account must be granted authorizations or permissions, for each form the user attempts to run. Authorizations are granted at a group or user level in the Groups or Users form. Authorizations can also include policy as to which operations are enabled, and even field-level permissions. Similarly, the users must be granted at least one license module that contains the form that must be run, unless the Usage-Tracking-Only mode of licensing is in effect.

By contrast, for sessions created through an API, the user account permissions and licensing are checked against the IDOs being accessed, and not the forms. So, the user account for the session must be granted with permissions to the IDOs for which LoadCollection, UpdateCollection, and Invoke requests are made. Those permissions might further restrict which operations that user account can use for various IDOs, as well as property-level restrictions. Finally, the user account must be granted with at least one license module which includes the IDO being accessed, unless the Usage-Tracking-Only mode of licensing is in effect.

Note: When the REST option is used within the ION API, the user account is drawn from the browser, and single-sign-on occurs. The resulting user account, however, still requires IDO-level permissions and licensing.

To know more about configuring permissions and licensing, see the online help for the Users and Groups forms.