Ilmatar user management module 

User and group management

This module manages users and user groups. This includes creating and editing user accounts, registration, authentication, access control, and groups of users.

Group Role Based Access Control

Group role based access control is an extension of role-based access control. Instead of applying roles to individual users, roles are applied to groups. Users are then added to groups to receive the proper permissions. This has several advantages over attaching roles directly to users.

Reusable presets of permissions

Each group can define access to user actions and other scenarios. A user can be attached to one or more groups, which results in merged permissions. Permissions are merged in a secure way, so that when role access levels conflict, permission is simply denied. The merge works by combining different access levels. For each entity there are three possible values:

  • Allow
  • Not set
  • Deny

Allow means that the user has access to the resource, unless they are a member of a group which has explicitly denied access.

When not set, access is denied unless some other group allows it. If the resource is set to deny in any group, access is not allowed even if another group allowed it. While it might sound complicated, access resolution can be shown in a simple equation:
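The three-level merge described above, written out as an added Python example. It is not Ilmatar's own code and not the equation the text refers to; the group names, resource names and function names are hypothetical.

```python
from enum import Enum


class Access(Enum):
    ALLOW = "allow"
    NOT_SET = "not set"
    DENY = "deny"


def resolve(levels):
    """Merge the access levels that a user's groups assign to one resource."""
    levels = set(levels)
    if Access.DENY in levels:      # an explicit deny in any group always wins
        return False
    return Access.ALLOW in levels  # only "not set" (or no groups at all): denied


def is_allowed(user_groups, group_acl, resource):
    """Decide access for a user who belongs to user_groups.

    A group missing from group_acl, or a resource a group does not mention,
    counts as NOT_SET, so unknown names fail closed.
    """
    return resolve(
        group_acl.get(group, {}).get(resource, Access.NOT_SET)
        for group in user_groups
    )


# Constructed sample data: group names and resource names are hypothetical.
GROUP_ACL = {
    "editors": {"article.edit": Access.ALLOW, "user.delete": Access.NOT_SET},
    "admins": {"article.edit": Access.ALLOW, "user.delete": Access.ALLOW},
    "suspended": {"article.edit": Access.DENY},
}

if __name__ == "__main__":
    cases = [
        (["editors"], "article.edit"),
        (["editors"], "user.delete"),
        (["editors", "admins"], "user.delete"),
        (["admins", "suspended"], "article.edit"),
        ([], "article.edit"),
    ]
    for groups, resource in cases:
        verdict = "allowed" if is_allowed(groups, GROUP_ACL, resource) else "denied"
        print(f"{groups!r:28} {resource:14} {verdict}")
```

Because deny is checked before allow, adding a user to one more group can only remove access that another group denies, never override a deny.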

Multi-way authorization