Sharing Permits and Prohibitions between GEODI and other applications

Owned by Kemal Candan
Last updated: Jan 06, 2020 by Dece Translate (Unlicensed)
2 min read

Application can send permits and prohibitions during the Feed process.

Using your own custom user, authorization role, or authorization definitions


Roles or definitions in the application's own authorization model can be submitted for permits and prohibitions. When a user makes a query, GEODI asks the other application for the user's authorizations. This process is repeated every 20 minutes. The other application must manage the user-role-authorization mappings by performing the Sharing user authorizations ( GEODI → APP) service.




Example : role-based authorization model


// You can find all the features in the Feed API documentation
// Here you can see that roles 'Rol1','Rol2','Rol3' are permitted.
// Rol5 is denied.
{
	...
    Permission : {   Permit : ['Rol1','Rol2','Rol3'] , Deny : ['Rol5'] }
}

The application should return the roles of the user requested in the GetRoles method described in Sharing user authorizations ( GEODI → APP). Roles must be strings and matched to those given in FeedAPI.

Example: document-based authorization model 1


Method 1
// You can find all the features in the Feed API documentation

{
	...
    Permission : {   Permit : ['UserID1','UserID2','UserID3'] , Deny : ['UserID5'] }
}

The application should return the ID of the user asked in the GetRoles method described in Sharing user authorizations ( GEODI → APP).

Example: document-based authorization model 2


Method 2
// You can find all the features in the Feed API documentation

{
	...
    Permission : {   Permit : ['DocID'] }
}

The application should return the document IDs visible to the user asked in the GetRoles method described in Sharing user authorizations ( GEODI → APP)..

Using Group and User definitions recognized by GEODI

Groups and users recognized by GEODI can be used in Permit or Deny arrays.

  • A Group ID must be used for GEODI Groups. A Group ID is an ID that used for identifying the Group in the Group list on the Geodi Authority management screen (the ID can be learned using the Inspect Element feature of browsers)  Example: UserGroup_111aa11-1b11-...
  • User UniqueName should be used for GEODI users. Example: Geodi:guest
  • LDAP SID should be used for LDAP Groups and users. Example:  S-1-5-......


Example: role-based authorization model


// You can find all the features in the Feed API documentation
// Groups, LDAP Users and Geodi users that are included in Permit array are allowed
// Geodi:guest is not allowed
{
	...
    Permission : {   Permit : [' UserGroup_111aa11-1b11...','S-1-5-...','Geodi:ornek.kullanici'] , Deny : ['Geodi:guest'] }
}