Membership Services allow users to implement authentication and manage authorization to the system. For example, using the combination of your e-mail and password, the System distinguishes the current user from all other users in the system and may also grant identified users additional permissions for actions inside the System.
Membership Service is a role-based access control system and one of the subsystems of the Foundation Services. It allows you:
- to store information about the system users and/or the groups of users they can join 1)
- to include users and/or groups of users in Roles for the subsequent assignment of rights to each Role 2)
- to register the types of protected resources, and the actions taken on them, for which rights will be designated 3)
- to assign rights for each role for each action
- to assign additional restrictions on the rights for a particular resource and/or user (group of users) of the system 4)
- to keep a hierarchy of resource classes and inherit the rights to act upon these resources 5)
- to create composite actions out of elementary actions or other composite actions 6)
- to assign rights that permit or prohibit performing actions
- to keep the settings that help calculate the rights in specific situations 7)
- to audit all logins to the system

1) A “Group of Users” normally denotes users affiliated by similar business activities, such as Sales Managers, Bookkeepers, Administrators, etc. Users can join groups, and groups can be included in other groups.
2) Roles can be assigned to users and/or groups of users according to their collective access to particular resources (or actions). Roles can include other (different) roles of the system.
3) Protected Resources are entity object types, their properties, the associations between them, and so on. Each Resource type contains a list of actions. Rights can be assigned on these actions.
4) For example, a user can have rights to act on a particular resource only if he/she is the owner of that resource.
5) It is possible, for example, to create a set of abstract resources and actions upon them, assign the rights, and afterwards derive the rest of the resources and actions from them. In doing so, the heirs receive the rights of their ancestor.
6) One can create an action called, for example, “Full access”. This action will include a set of atomic actions for creating, editing, deleting the resource, and so on.
7) For example, a user can hold rights that both allow and prohibit the same action. When this happens, a particular setting should be used to resolve the conflict.
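How rights could be calculated from the elements listed above (nested groups, composite roles, resource inheritance, composite actions, owner restriction, allow/prohibit conflicts), as an added example that is not the product's own code. The `Membership` class, the rule tuple layout, the `deny_overrides` setting name and the no-rule-means-no-access default are all assumptions made for illustration.

```python
# Added example: names and data layout are assumptions, not the product's API.
from dataclasses import dataclass, field

def closure(start, edges):  # everything reachable from start via edges, cycle-safe
    seen, todo = set(), list(start)
    while todo:
        node = todo.pop()
        if node not in seen:
            seen.add(node)
            todo.extend(edges.get(node, ()))
    return seen

@dataclass
class Membership:
    member_of: dict = field(default_factory=dict)      # user or group -> groups it belongs to
    role_members: dict = field(default_factory=dict)   # role -> users/groups placed in it
    role_includes: dict = field(default_factory=dict)  # role -> roles it includes
    parent_type: dict = field(default_factory=dict)    # resource type -> ancestor types
    composite: dict = field(default_factory=dict)      # action -> actions it is built from
    rules: list = field(default_factory=list)          # (role, type, action, allow, owner_only)
    deny_overrides: bool = True                        # setting that resolves allow/deny conflicts

    def roles_of(self, user):
        who = closure([user], self.member_of)          # the user plus nested groups
        direct = [r for r, members in self.role_members.items() if who & set(members)]
        return closure(direct, self.role_includes)     # plus roles those roles include

    def check(self, user, rtype, action, owner=None):
        roles, verdicts = self.roles_of(user), set()
        types = closure([rtype], self.parent_type)     # heirs receive ancestor rights
        for role, rule_type, rule_action, allow, owner_only in self.rules:
            if role not in roles or rule_type not in types:
                continue
            covers = action in closure([rule_action], self.composite)
            if covers and (user == owner or not owner_only):
                verdicts.add(allow)
        if verdicts == {True, False}:
            return not self.deny_overrides             # conflicting rights: apply the setting
        return verdicts == {True}                      # no matching rule: no access (assumed)

m = Membership(  # constructed sample data
    member_of={"alice": ["SalesManagers"], "SalesManagers": ["Staff"], "bob": ["Staff"]},
    role_members={"Editor": ["SalesManagers"], "Restricted": ["alice"], "Reader": ["Staff"]},
    role_includes={"Editor": ["Reader"]},
    parent_type={"Invoice": ["Document"]},
    composite={"FullAccess": ["create", "edit", "delete"]},
    rules=[("Editor", "Document", "FullAccess", True, False),   # inherited by Invoice
           ("Restricted", "Invoice", "delete", False, False),   # explicit prohibition
           ("Reader", "Document", "edit", True, True)],         # owner of the resource only
)
```

With this data, `m.check("alice", "Invoice", "delete")` hits both an inherited allow and an explicit prohibition, so the result depends only on `deny_overrides`.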
The most important benefits of the Service are listed below:
Flexibility. The system supports tracking of objects and their actions, as well as the rights on these actions. It supports composite actions, groups of users and composite roles. It allows setting predefined limits on existing rights on a resource for the user, such as Creator of the resource, Owner of the resource, Last Modifier, Interested Party and others. It contains settings that help calculate the rights of the users.
Extensibility. The system allows you to build hierarchies of resources (inheritance), create complex actions (aggregation), combine users into groups and roles, create complex roles consisting of other roles (aggregation), and set extra restrictions on the rights depending on other qualities of the user or of the system.
Performance. The system uses the Service Data Cache to speed up subsequent lookups and avoid recalculating a user’s rights.
Thanks to integration with the Statistics Services, it is possible to calculate the number of logins in the system and the computation time.
Security. User passwords are encrypted one-way and cannot be decoded back. Other measures are taken as well to protect confidential information.
Through integration with the Logging Service, the system audits the actions that users of the system perform on protected resources.
Thanks to the Exception Handling Service, the details of an error in the system are hidden from the user. Through integration with the Notification Services, the system can alert, for example, the administrator about special events in the system.
Points of interest. The system supports delegation of authority from one user to another, the ability to accept multiple user accounts as one (accounts known to belong to the same person), and the maintenance of user profiles.