Registration Solution: Roles and Workspaces
Roles and Workspaces are used to secure data for the Registration Solution.
Data isolation is provided by using Workspaces and Roles.
- The Workspace for "Club A" has a Club Role in its ACL (Access Control List).
- The Workspace for "Club A" also has the Registrar Role in its ACL.
- Each Club Administrator for "Club A" is assigned the same Club Role that is in the Workspace ACL.
- The Registrar can access the data in "Club A".
Let's walk through an example of how Workflows are secured. The example secures data for the XYZ Club.
Club Name: 'XYZ'
To secure the club data, follow these steps:
- Create a unique Workspace for every Club. The Workspace name is 'XYZ'.
- Create a unique Role. The Role name is 'XYZ'.
- Add the 'XYZ' Role to the 'XYZ' Workspace.
- Create a User, who will be the Club Administrator. e.g. this may be 'Sally' or 'Sally@XYZ.com'.
- Add the 'XYZ' Role to the new User.
- The new User logs in.
- Add Club data.
- Add Members to the Club.
- Add Profiles to each Member.
Why use the same name for the Club, Workspace and Role?
The same name is used to define the Club, the Workspace and the Role. This can be confusing if you need to talk about the Club, Workspace and Role separately, e.g. "I use the 'XYZ' Role to secure the data for the 'XYZ' Club in the 'XYZ' Workspace." Only a Jetfire Administrator needs to think about the Club, Workspace and Role as separate entities.
In general, the Club Administrator (a Jetfire User) for the 'XYZ' Club says "I manage the data for the 'XYZ' Club." The Club, Workspace and Role are blurred into a single entity: the Club.
When asked about Club 'XYZ', both the Jetfire Administrator and the Club Administrator understand the relationship to the data.
How does this secure the data?
Jetfire Data Security is performed when the User logs in. This is what happens:
- The Jetfire User logs in.
- Roles for the Jetfire User are compared to Roles in the Workspace ACL (Access Control List).
- If the Roles match, then the Workspace and its data are retrieved for the User.
- If the Roles do not match, then the Workspace and its data are not visible to the User.
Some Properties are Read-Only for the Club Administrator. How does that work?
When the data is retrieved, the Roles for the logged-in user are compared to the Roles in the Property ACL. Properties that do not allow the Club Administrator to write to the property are identified at this time, thus making the property read-only.
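The two checks described above (Workspace ACL at login, Property ACL at retrieval) can be modelled in a few lines of Python. This is an added example, not Jetfire code or its API; the class and function names, the second club 'ABC', the property names and the shape of the Property ACL (a set of Roles allowed to write) are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Workspace:
    name: str
    acl: set                      # Roles allowed to see this Workspace
    # property name -> (value, Roles allowed to write); assumed Property ACL shape
    properties: dict = field(default_factory=dict)

@dataclass
class User:
    name: str
    roles: set

def visible_workspaces(user, workspaces):
    """Login-time check: a Workspace is retrieved only if a User Role is in its ACL."""
    return [ws for ws in workspaces if user.roles & ws.acl]

def property_view(user, ws):
    """Return {property: (value, read_only)} for a Workspace the User can see."""
    if not (user.roles & ws.acl):
        raise PermissionError(f"{user.name} has no Role in the ACL of {ws.name}")
    return {name: (value, not (user.roles & writers))
            for name, (value, writers) in ws.properties.items()}

def build_sample():
    """Constructed sample data: two clubs, each with a same-named Workspace and Role."""
    xyz = Workspace("XYZ", {"XYZ", "Registrar"}, {
        "ContactEmail": ("sally@xyz.example", {"XYZ", "Registrar"}),
        "RegistrationStatus": ("Approved", {"Registrar"}),  # read-only for the club
    })
    abc = Workspace("ABC", {"ABC", "Registrar"}, {
        "ContactEmail": ("bob@abc.example", {"ABC", "Registrar"}),
    })
    return [xyz, abc]

if __name__ == "__main__":
    workspaces = build_sample()
    sally = User("Sally", {"XYZ"})          # Club Administrator for 'XYZ'
    registrar = User("Rita", {"Registrar"})  # hypothetical Registrar user
    for u in (sally, registrar):
        for ws in visible_workspaces(u, workspaces):
            print(u.name, ws.name, property_view(u, ws))
```

Because the Registrar Role sits in every club's Workspace ACL, removing it from one Workspace is enough to hide that club from the Registrar; the Club Role never grants access outside its own Workspace.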
For more information, read about dynamic access modifiers.