Authentication and authorization
This topic provides a general overview of authentication and authorization and introduces 's (BAO) authentication and authorization system.
- Authentication is the mechanism used to securely identify users. It relates to how users sign into .
- Authorization is the mechanism used to grant users access to components and content and control what users are allowed to do with components and content.
Authentication is the method used to securely identify users. A user is the entity signing into the system (). Authentication for does the following:
- Identifies users.
  The authentication system stores information about users to identify them. A user name, login name, and password are associated with each user.
- Determines if the user attempting to sign into is a valid user who is allowed to sign into .
Authentication systems may use other entities to organize users, including the following:
- Groups combine users in a way that is meaningful to an organization.
- Organizations combine users and groups in a meaningful way. An organization might be a group of users in a company, an entire company, a consortium, a society, or some other institution.
For information about the authentication options available with Platform, see Installing an authentication service. If you are upgrading from an earlier version of , refer to the appropriate upgrade section in Upgrading and the authentication information for that upgrade.
The way that you set up and use authentication varies based on the authentication option your organization uses. This wiki provides instructions for each option. Ensure that you use the instructions for your authentication type.
Authorization is the system used to control access to resources. In authorization controls access to components and content. uses role-based access control (RBAC) to control access to components and content.
In a typical RBAC system:
- Roles are created that align with job functions or tasks typically performed by users.
- Permissions, such as read, write, execute, and delete, are set up to control access to resources.
- Permissions are associated with roles, which controls each role's access to resources.
- Users, groups, or organizations (whichever entities your authentication system uses) are assigned to roles, which grants users access to the resources associated with those roles when the users are logged into the system. (7.9 uses users and they must be assigned to roles.)
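
The typical RBAC model described above, as an added Python example (not code from the product or its API): it resolves a user's roles through direct, group, and organization assignments and denies anything that no role grants. All role, user, group, organization, and resource names are constructed for illustration.

```python
# Added example of the generic RBAC model; every name here is constructed.

# Permissions attached to roles: (resource, action) pairs.
ROLE_PERMISSIONS = {
    "workflow_developer": {("workflow", "read"), ("workflow", "write"),
                           ("workflow", "execute")},
    "operator": {("workflow", "read"), ("workflow", "execute")},
    "auditor": {("workflow", "read"), ("audit_log", "read")},
}

# Principals (users, groups, organizations) assigned to roles.
ROLE_ASSIGNMENTS = {
    "user:alice": {"workflow_developer"},
    "group:noc": {"operator"},
    "org:example-corp": {"auditor"},
}

# Membership: groups combine users; organizations combine users and groups.
GROUP_MEMBERS = {"noc": {"bob"}}
ORG_MEMBERS = {"example-corp": {"user:alice", "user:carol", "group:noc"}}


def principals_for(user):
    """Return the user plus every group and organization they belong to."""
    principals = {f"user:{user}"}
    principals |= {f"group:{g}" for g, m in GROUP_MEMBERS.items() if user in m}
    for org, members in ORG_MEMBERS.items():
        if principals & members:  # direct member, or member through a group
            principals.add(f"org:{org}")
    return principals


def roles_for(user):
    """Union of the roles assigned to any of the user's principals."""
    roles = set()
    for principal in principals_for(user):
        roles |= ROLE_ASSIGNMENTS.get(principal, set())
    return roles


def is_authorized(user, resource, action):
    """Default deny: allow only when a held role grants (resource, action)."""
    return any((resource, action) in ROLE_PERMISSIONS.get(role, set())
               for role in roles_for(user))


if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "mallory"):
        print(who, sorted(roles_for(who)), is_authorized(who, "workflow", "write"))
```

A user who matches no principal, such as `mallory` in the sample run, ends up with an empty role set and is refused every action.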