Diffusion™ Cloud secures your data by requiring client sessions to
authenticate and using role-based authorization to define the actions that a client can
- A session is an ongoing dialog between a client and Diffusion Cloud.
- The principal is a user or system user that has an identity that can be
A client can start a session providing a principal together with
credentials that are used to authenticate the principal. The principal is then
associated with the session. If the client does not provide a principal, and Diffusion Cloud is configured to allow it, the session is associated
with the ANONYMOUS principal.
- A permission represents the right to perform an action on Diffusion Cloud or on data hosted by Diffusion Cloud.
- A role is a named set of permissions and other roles. Principals and sessions can
both be assigned roles.
- Role hierarchy: Roles are hierarchical. A role can include other roles and, by doing so, have the
permissions assigned to the included roles. A role cannot include itself, either
directly or indirectly through a number of included roles.
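
The role model described above can be sketched as follows. This is an added example, not Diffusion Cloud code or its API: the role names, permission names and helper functions are constructed for illustration, and combining principal roles with session roles as a union is an assumption. It resolves the permissions a role gains through included roles and rejects a hierarchy in which a role includes itself directly or indirectly.

```python
# Added illustration. Role and permission names are constructed,
# not Diffusion Cloud's own identifiers.
ROLES = {
    "VIEWER":   {"permissions": {"read_data"},       "includes": set()},
    "OPERATOR": {"permissions": {"update_data"},     "includes": {"VIEWER"}},
    "ADMIN":    {"permissions": {"manage_sessions"}, "includes": {"OPERATOR"}},
}


class RoleCycleError(ValueError):
    """Raised when a role includes itself, directly or through other roles."""


def resolve_role(name, roles, _path=()):
    """Return every permission a role grants, following included roles."""
    if name in _path:
        # The role is already on the current inclusion chain: a cycle.
        cycle = " -> ".join(_path[_path.index(name):] + (name,))
        raise RoleCycleError(f"role includes itself: {cycle}")
    if name not in roles:
        raise KeyError(f"unknown role: {name}")
    role = roles[name]
    perms = set(role["permissions"])
    for included in sorted(role["includes"]):
        perms |= resolve_role(included, roles, _path + (name,))
    return perms


def validate_hierarchy(roles):
    """Check every role definition; raises on a cycle or an unknown role."""
    for name in roles:
        resolve_role(name, roles)


def session_permissions(principal_roles, session_roles, roles):
    """Permissions for a session, assuming (not stated by the page) that
    roles assigned to the principal and to the session are combined."""
    perms = set()
    for name in set(principal_roles) | set(session_roles):
        perms |= resolve_role(name, roles)
    return perms
```

Running `validate_hierarchy` whenever role definitions change catches a self-including role before it is used to authorize a session.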