Feature access control through roles and policies

Concrii® controls the access to specific features through Policies. The meaning of the Policies is detailed further on this page. Policies are bundled into Roles, and Roles are assigned to Users to specify the desired access for them. The assignment itself is explained in the Access Section of appsettings.json.

Policies

GUI and API Access Policies

There are two Policies that need to be assigned to a User depending on whether he or she should be able to access the GUI and/or the API of Concrii. These two Policies are a prerequisite for all other Policies that regard operations in the GUI and API and need to be assigned accordingly.

Feature	Policies needed	Description
GUI	`GuiAccess`	When this policy is assigned, the respective user has access to the Concrii GUI.
API	`ApiAccess`	When this policy is assigned, the respective user has access to the Concrii API.

Status Policies

The StatusRead Policy concerns the Status Page of the GUI.

Policy	Description
`StatusRead`	This policy enables the respective user to have read access to the status of indexes, columns and tables.

Configuration Policies

The Configuration operation Policies allow the management of access of the configuration JSON files: appsettings.json, configuration.json and initialstatus.json.

Policy	Description
`ConfigurationRead`	This policy grants the respective user read access to the configuration files.
`ConfigurationWrite`	This policy grants the respective user write access to the configuration files.

Friends Policies

The Friend operation Policy concerns Concrii Friend instances.

Policy	Description
`FriendsRead`	This Policy grants read access to the Friends Page of the GUI.
`FriendStatus`	This Policy enables the user to get the status of a Friend instance. For more information, see the `HttpFriendApi` controller in the API References.
`FriendSetMeOnline`	This Policy enables the user to inform a Friend instance that he is online. For more information, see the `HttpFriendApi` controller in the API References.
`FriendSetMeOffline`	This Policy enables the user to inform a Friend instance that he is offline. For more information, see the `HttpFriendApi` controller in the API References.
`FriendIUpdatedMe`	This Policy enables the user to inform a Friend instance that he has been updated. For more information, see the `HttpFriendApi` controller in the API References.
`FriendIUpdatedAnIndex`	This Policy enables the user to inform a Friend instance that an index has been updated. For more information, see the `HttpFriendApi` controller in the API References.

Index Policies

Policy	Description
`IndexRead`	This Policy enables the user to either see a specific index in the GUI and to retrieve this one specific index using the API.
`IndexesRead`	This Policy grants enables the user to see all configured indexes in the GUI and to retrieve all indexes using the API.
`IndexClearInformation`	This Policy enables the user to clear the current index information, a string about the last activity that happened. For a GUI representation, see the Index Page of the GUI.
`IndexCancelOperation`	This Policy enables the user to cancel the current index operation, which is either index creation or an update of the index.
`IndexCreate`	This Policy enables the user to create an index.
`IndexErase`	This Policy enables the user to delete an index.
`IndexUpdate`	This Policy enables the user to update an index.
`IndexSearch`	This Policy enables the user to search an index.
`IndexSearchGet`	This Policy enables the user to search an index and get index entries.
`IndexSearchIds`	This Policy enables the user to search ids. It regards the POST method, for the GET method, see `IndexSearchIdsGet`.
`IndexSearchIdsGet`	This Policy enables the user to search ids and get the entries, referring to the API GET method.
`IndexSearchValues`	This Policy enables the user to search the index values. It regards the POST method, for the GET method, see `IndexSearchValuesGet`.
`IndexSearchValuesGet`	This Policy enables the user to search index values and get the entries, referring to the API GET method.
`IndexGetFromIds`	This Policy enables the user to get entries (id and values) from an index using the ids.
`IndexGetAll`	This Policy enables the user to get all index entries.
`IndexGetValuesFromIds`	This Policy enables the user to get index values from ids.

Search Policies

Policy	Description
`Search`	This Policy enables the user to carry out a search.
`SearchRead`	Having this policy assigned, user can see the search page and the request search page within ui.

Value Search Policies

Policy	Description
`ValueSearch`	This Policy enables the user to carry out a value search.
`ValueSearchRead`	Having this policy assigned, user can see the value search page within ui.

Context Policies (Valuepolicies)

All following policies are Valuepolicies. This means, they can be assigned multiple times with different values, like this: *policyname*|*policyvalue* In general, a policy value can be added by using | as seperator. This means, the policy is restricted to this value.

Real examples:

ContextDatabase. Allows the user to access all databases.
ContextDatabase|myDatabase. Allows the user to access database myDatabase, only.
ContextDatabase|. Disallows the user to access any database.

Policy	Description
`ContextDatabase`	Policy sets all configured databases within contexts, means, all databases are available for this user. Can be restricted by a database id.
`ContextTable`	Policy sets all configured tables within contexts, means, all tables are available for this user. Can be restricted by a table id.
`ContextColumn`	Policy sets all configured columns within contexts, means, all columns are available for this user. Can be restricted by a column id.
`ContextIndex`	Policy sets all configured indexes within contexts, means, all indexes are available for this user. Can be restricted by an index id.
`ContextEncryptor`	Policy sets all configured encryptors within contexts, means, all encryptors are available for this user. Can be restricted by an encryptor id.
`ContextEncryptorProvider`	Policy sets all configured encryptor provider within contexts, means, all encryptor provider are available for this user. Can be restricted by an encryptor provider id.
`ContextConfigurationFile`	Policy sets all configuration files within contexts, means, all configuration files are available for this user. Can be restricted by a configuratio file name.
`ContextCleartextDatabase`	This policy enables users to access encrypted columndata from databases. Can be restricted by a database id.
`ContextCleartextTable`	This policy enables users to access encrypted columndata from tables. Can be restricted by a table id.
`ContextCleartextColumn`	This policy enables users to access encrypted columndata from columns. Can be restricted by a column id.

System Policies

Policy	Description
`SystemRead`	This policy grants the user access to the System Page of the GUI.
`SystemRestart`	This Policy grants the user the permission to restart the Concrii instance.
`SystemReloadConfiguration`	This Policy grants the user the permission to reload the current configuration.

Exception Policies

Policy	Description
`ExceptionRead`	This policy grants the user access the exception message within an error result.
`ExceptionStackTraceRead`	This policy grants the user access the exception stacktrace within an error result. `ExceptionRead` policy must be given, too

Diagnostics Policies

Policy	Description
`DiagnosticsRead`	This policy grants the user access the diagnostics page.
`DiagnosticsForceGarbageCollection`	This policy grants the user the permission to run garbage collection from UI.

Access Information Policies

Policy	Description
`AccessInformationRead`	This policy grants the user access the access information page, where login and identity details are displayed.
`AccessInformationTokenRead`	Allows user to view id/access token. Policy `AccessInformationRead` is needed for page access, too.
`AccessInformationClaimsRead`	Allows user to view its claims. Policy `AccessInformationRead` is needed for page access, too.