Tuesday, March 16, 2004
Permissions on the Server
When you send in an XML message, it goes directly to the server. The server uses the sending_application_chid to determine, through the (province-specific) FNSecurityAdapter, what functional role the application has, and so which interactions it can send.
The Sending_organisation_chid is also used by the FNSecurityAdapter for authentication.
In UAT, we haven't implemented the FNSecurityAdapter fully. It only checks for client-side permissions, not for server-side permissions. So long as you pass in a sending_application_chid that is in the GRS_CT_TRUSTED_SOURCES table, then you are allowed to do anything in UAT.
We should extend the FN_SECURITY_ADAPTER to look up the organisation role by validating against a new GRS_CT_ORG_USERS table.
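The gap between the UAT behaviour and the proposed lookup, as an added example that is not the project's own code. The table columns, the role and interaction names, the sample rows and the `uat_check` / `server_side_check` helpers are all assumptions, since the post names only the two tables and the two chid fields.

```python
import sqlite3

# Assumed columns: the post names these tables but not their layout.
SCHEMA = """
CREATE TABLE GRS_CT_TRUSTED_SOURCES (application_chid TEXT PRIMARY KEY,
                                     functional_role TEXT NOT NULL);
CREATE TABLE GRS_CT_ORG_USERS (organisation_chid TEXT PRIMARY KEY,
                               org_role TEXT NOT NULL);
"""
# Constructed role-to-interaction map; real roles are province-specific.
ROLE_INTERACTIONS = {
    "READ_ONLY": {"QUERY_CLIENT"},
    "REGISTRAR": {"QUERY_CLIENT", "UPDATE_CLIENT"},
}

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO GRS_CT_TRUSTED_SOURCES VALUES ('APP-1', 'READ_ONLY')")
    db.execute("INSERT INTO GRS_CT_ORG_USERS VALUES ('ORG-1', 'CLINIC')")
    return db

def lookup(db, sql, key):
    """Run a single-parameter query and return its first column, or None."""
    row = db.execute(sql, (key,)).fetchone()
    return row[0] if row else None

def uat_check(db, application_chid):
    """Behaviour described for UAT: a trusted source may send anything."""
    return lookup(db, "SELECT functional_role FROM GRS_CT_TRUSTED_SOURCES "
                      "WHERE application_chid = ?", application_chid) is not None

def server_side_check(db, application_chid, organisation_chid, interaction):
    """Proposed check: known application, known organisation, permitted interaction."""
    app_role = lookup(db, "SELECT functional_role FROM GRS_CT_TRUSTED_SOURCES "
                          "WHERE application_chid = ?", application_chid)
    if app_role is None:
        return False, "unknown sending_application_chid"
    org_role = lookup(db, "SELECT org_role FROM GRS_CT_ORG_USERS "
                          "WHERE organisation_chid = ?", organisation_chid)
    if org_role is None:
        return False, "unknown sending_organisation_chid"
    if interaction not in ROLE_INTERACTIONS.get(app_role, set()):
        return False, f"role {app_role} may not send {interaction}"
    return True, "ok"
```

The same READ_ONLY application passes `uat_check` for every interaction, while `server_side_check` rejects its UPDATE_CLIENT message and any message from an organisation with no row in GRS_CT_ORG_USERS.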