

User access is determined by a user's "role", which is a variable associated with a user that serves to define the actions that a user may perform. The role may determine how much data to return and whether or not there is access to a particular service.

  • Roles are further defined in the next section, which is called User Roles.



In addition to roles, there is the concept of a "target location" or "domain" that further defines the environment and associated permissions. The target location is a variable that defines the PM server location to be accessed. When a person logs in to the i2b2 Workbench, a login screen comes up that requires the username, password and target location to be entered. The target location is also called the domain, which is shorthand for domain name, and it is used to authenticate the user. The i2b2 cells have mappings of the domain names to the URLs; these mappings tell where the service that will authenticate the user is located. If the domain does not exist in the lookup table, the person is not authenticated. If the domain exists, the user is authenticated. In effect, the mapping of the domain name to the URL provides an extra layer of security to the authentication process.
After the authentication process, the PM cell performs the authorization process. The get_user_configuration message is used by the PM cell to determine the user's roles, permissions and privileges, as well as to return what the user is allowed to see.
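
The flow described above, sketched as an added example (not i2b2 code): the domain is resolved through a lookup table before any credentials are sent, and the roles returned afterwards decide service access and how much data comes back. The domain name, URL, role names, detail levels and the `pm_call` stand-in for get_user_configuration are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed lookup table: domain name -> URL of the PM service that authenticates it.
DOMAIN_TO_PM_URL = {"demo-domain": "https://pm.example.org/pm-service"}

# Hypothetical roles: which services a role may call and how much data it gets back.
ROLE_POLICY = {
    "SUMMARY_ROLE": {"services": {"query"}, "detail": "counts"},
    "DETAIL_ROLE": {"services": {"query", "export"}, "detail": "records"},
}
DETAIL_RANK = {"none": 0, "counts": 1, "records": 2}

@dataclass
class Session:
    username: str
    domain: str
    roles: tuple

def login(username, password, domain, pm_call):
    """Resolve the domain, then let the PM service at that URL authenticate."""
    url = DOMAIN_TO_PM_URL.get(domain)  # exact match; the client never supplies a URL
    if url is None:
        return None  # unknown domain: fail closed, credentials are sent nowhere
    roles = pm_call(url, username, password)  # stands in for get_user_configuration
    if roles is None:
        return None  # PM service rejected the credentials
    return Session(username, domain, tuple(roles))

def authorize(session, service):
    """Return the highest detail level any of the user's roles grants for a service."""
    best = "none"
    for role in session.roles:
        policy = ROLE_POLICY.get(role)  # roles not in the policy grant nothing
        if policy and service in policy["services"]:
            if DETAIL_RANK[policy["detail"]] > DETAIL_RANK[best]:
                best = policy["detail"]
    return best

def make_fake_pm(log):
    """Constructed stand-in for the PM cell; records every URL it is called with."""
    users = {("alice", "pw1"): ["SUMMARY_ROLE"],
             ("bob", "pw2"): ["DETAIL_ROLE", "OLD_ROLE"]}
    def pm_call(url, username, password):
        log.append(url)
        return users.get((username, password))
    return pm_call
```

Because the URL comes only from the server-side table, a login naming an unlisted domain never causes the username and password to be forwarded anywhere.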