Authorization enables you to grant permissions to a user for different resources. It occurs after you are authenticated in an application.

With the underlying UI Framework, you have the following options for implementing authorization:
  • The default implementation.

    If you are currently using the default implementation of authorization, and want to continue using that implementation, you must use this option. The default implementation supports all existing authorization features.

  • A customized implementation without the default implementation.
  • A customized implementation of the default implementation.

With all options, the implementation is plugged into interface contracts, which have definitions of the behavior expected with any authorization mechanism that can plug into it. This ensures a consistent mechanism for authorization, no matter how you are implementing it (custom or default).

If you do not use the underlying UI Framework default implementation of authorization, and no custom implementation is provided, by default the user will have access to all resources.

Authorization uses a resource ID to see if a user has permission to use a resource. Resource IDs control access to the Extensibility Workbench and Designer Workbench.

Authorization can be called in different ways:
  • LDAP
  • Database table
  • A resource ID in the metadata of a mashup

    To use a mashup, you must define a resource ID for the mashup to control the access of the mashup and give it to the mashup.xml.