Interface ISecurityControl
The security control feature that allows a client session to query and update the security store.
Inherited Members
Namespace: PushTechnology.ClientInterface.Client.Features.Control.Clients.SecurityControl
Assembly: Diffusion.Client.dll
Syntax
public interface ISecurityControl : ISecurityStoreFeature, IFeature
Remarks
The security store is maintained at the server and defines the roles that can be assigned to principals.
The association between roles and permissions is defined in the security store. A fixed set of permissions is defined and these are used to control access to actions and data on the server. Roles are used to associate permissions with principals. Permissions are assigned to roles and roles are assigned to principals.
A role can be assigned zero, one or many permissions. The same permission can be assigned to multiple roles. Roles can also include other roles to form a role hierarchy, and so inherit permissions.
Roles are implicitly defined by specifying them in relationships. There is no need to explicitly create roles in the security store.
Permissions may have 'global' or 'topic' scope. Global permissions apply to actions that are not specific to the topic tree, whereas 'topic' permissions apply to a topic or branch of the topic tree.
Topic scoped permissions are assigned to roles for specific topic paths. The permission assignment applies to all descendant topics, unless there is a more specific assignment. To evaluate whether a client session has access to a permission for a topic, the server starts at that topic and searches up the tree to find the nearest permission assignment. The first assignment is the only one considered, even if the client has roles involved in assignments further up the topic tree. Default topic-scope assignments can also be defined. These are used if no path assignment matches.
Access control
In order to query the store the session needs VIEW_SECURITY permission and in order to update the store it needs MODIFY_SECURITY permission.
Accessing the feature
This feature may be obtained from a ISession with the SecurityControl property.
Properties
Script
Gets the builder that can be used to create scripts for use with UpdateStore(String, IUpdateStoreCallback).
Declaration
IScriptBuilder Script { get; }
Property Value
Type | Description |
---|---|
IScriptBuilder | The default builder instance that creates an empty script. |
Methods
GetSecurity(IConfigurationCallback)
Obtains the current contents of the security store.
Declaration
void GetSecurity(IConfigurationCallback callback)
Parameters
Type | Name | Description |
---|---|---|
IConfigurationCallback | callback | The callback to receive status notifications for this operation. |
GetSecurity<TContext>(TContext, IConfigurationContextCallback<TContext>)
Obtains the current contents of the security store.
Declaration
void GetSecurity<TContext>(TContext context, IConfigurationContextCallback<TContext> callback)
Parameters
Type | Name | Description |
---|---|---|
TContext | context | The context of this operation. |
IConfigurationContextCallback<TContext> | callback | The callback to receive status notifications for this operation. |
Type Parameters
Name | Description |
---|---|
TContext | The context type. |
GetSecurityAsync()
Obtains the current contents of the security store.
Declaration
Task<ISecurityConfiguration> GetSecurityAsync()
Returns
Type | Description |
---|---|
Task<ISecurityConfiguration> | The |
Remarks
If the operation completes successfully, the Task
result will be a
ISecurityConfiguration instance.
This method is the same as calling GetSecurityAsync(CancellationToken) with
Exceptions
Type | Condition |
---|---|
SessionSecurityException | The calling session does not have VIEW_SECURITY permission. Thrown by the
returned |
SessionClosedException | The calling session is closed. Thrown by the returned |
GetSecurityAsync(CancellationToken)
Obtains the current contents of the security store.
Declaration
Task<ISecurityConfiguration> GetSecurityAsync(CancellationToken cancellationToken)
Parameters
Type | Name | Description |
---|---|---|
CancellationToken | cancellationToken | The cancellation token used to cancel the current operation. |
Returns
Type | Description |
---|---|
Task<ISecurityConfiguration> | The |
Remarks
If the operation completes successfully, the Task
result will be a
ISecurityConfiguration instance.
Exceptions
Type | Condition |
---|---|
SessionSecurityException | The calling session does not have VIEW_SECURITY permission. Thrown by the
returned |
SessionClosedException | The calling session is closed. Thrown by the returned |