Security Model

Elements uses a three-tiered security model through a single API. A user accesses the API at one of three access levels:

  • Anonymous - the user is not logged in or has not provided any valid access credentials.
  • User - the user is a regular user and can access some APIs intended for general-purpose users. Generally speaking, the API will only supply information pertaining to the logged-in user.
  • Superuser - the user can access the full APIs, which generally include access to all records in the system.

At the time of this writing, Elements does not support full user segmentation by group and permission scheme. This is a feature slated for future releases. However, future versions will still operate against group-based access.

User Access Levels

Currently, a user may have one of the three following access levels. This applies to the User's entire account. Across all of Elements, the security model applies as follows.

  • Elements intercepts incoming requests as soon as possible, reads credentials information, and applies scope based on the user-supplied credentials.
  • For a majority of endpoints, including those defined as cloud functions in the scripting engine, the user scope will be set before the presentation layer receives the code.
  • Elements will instantiate the specific version of a Service based on the access level.
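
The three steps above, sketched as an added example (this is not Elements code; every class, function, token and record name is hypothetical). It resolves credentials once at the edge, falls back to Anonymous when they are missing or invalid, and selects a service implementation per access level so that scoping never depends on the endpoint itself:

```python
from dataclasses import dataclass
from enum import Enum

class AccessLevel(Enum):
    ANONYMOUS = "anonymous"
    USER = "user"
    SUPERUSER = "superuser"

@dataclass(frozen=True)
class Account:
    name: str
    level: AccessLevel

# Constructed sample data: session tokens and per-owner records (hypothetical).
SESSIONS = {
    "tok-alice": Account("alice", AccessLevel.USER),
    "tok-root": Account("root", AccessLevel.SUPERUSER),
    "tok-muted": Account("muted", AccessLevel.ANONYMOUS),  # logged in, restricted
}
RECORDS = {"alice": ["a1", "a2"], "bob": ["b1"], "muted": ["m1"]}

class AnonymousRecordService:
    def __init__(self, account):
        self.account = account
    def list_records(self):
        raise PermissionError("credentials required")

class UserRecordService(AnonymousRecordService):
    def list_records(self):
        # User scope: only records owned by the logged-in account.
        return list(RECORDS.get(self.account.name, []))

class SuperuserRecordService(AnonymousRecordService):
    def list_records(self):
        # Superuser scope: every record in the system.
        return sorted(r for owned in RECORDS.values() for r in owned)

SERVICE_BY_LEVEL = {
    AccessLevel.ANONYMOUS: AnonymousRecordService,
    AccessLevel.USER: UserRecordService,
    AccessLevel.SUPERUSER: SuperuserRecordService,
}

def resolve_account(headers):
    """Interceptor step: map credentials to an account, or None if missing/invalid."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return SESSIONS.get(token.strip()) if scheme == "Bearer" else None

def handle_list_records(headers):
    # Scope is fixed before any endpoint logic runs; unknown callers fail closed.
    account = resolve_account(headers)
    level = account.level if account else AccessLevel.ANONYMOUS
    return SERVICE_BY_LEVEL[level](account).list_records()
```

Because the endpoint only ever receives the service matching the caller's level, a User request cannot reach the Superuser code path even if the endpoint forgets to check.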

Anonymous

Anonymous is the default access level and tends to grant very little access. If the client supplies no credentials, Elements will process all requests at this level. It is possible to greatly restrict a logged-in User's access by assigning this level. This will give the user the same access level as if they were not logged in. It may, however, still allow for valid session creation.

User

User is the access level for normal users. Additionally, it is the default level for making new accounts. Only a Superuser may escalate a user's access level, allowing for access to the whole system. In general, users of your application should always be assigned this level.