Just a second...

Updating the security store

A client can use the SecurityControl feature to update the security store. The information in the security store is used by the Diffusion™ server to define the permissions assigned to roles and the roles assigned to anonymous sessions and named sessions.

Querying the store

Required permissions: view_security

The client can get a snapshot of the current information in the security store. This information is returned as an object model.

Updating the store

Required permissions: modify_security

The client can use a command script to update the security store. The command script is a string that contains a command on each line. These commands are applied to the current state of the security store.

The update is transactional. Unless all of the commands in the script can be applied, none of them are.

As of Diffusion 6.5, updates to read_topic permission assignments are applied immediately to all sessions. There is no need to reauthenticate a session or reassign a role.

Using a script builder

You can use a script builder to create the command script used to update the security store. Use the script builder to create commands for the following actions:
  • Set the global permissions assigned to a named role
  • Set the default path permissions assigned to a named role
  • Set the path permissions associated with a specific path assigned to a named role

    This can include explicitly setting a role to have no permissions at a path.

  • Remove the path permissions associated with a specific path assigned to a named role
  • Set the roles included in a named role
  • Set the roles assigned to sessions authenticated with a named principal
  • Set the roles assigned to anonymous sessions