Authorization determines if a user has permission to access a service or plug-in resource. A resource is defined as an attribute or operation of an agent service or agent plug-in.
Unified Agent security is role-based. Permissions to agent service and agent plug-in resources are granted to unified agent roles. These unified agent roles are mapped back to roles returned by each security module.
The mapping of unified agent roles to security module roles allows the agent to tie its authorization model back to the authenticating security module.
When a client application attempts to access a resource, the authorizer compares the user's rights with the resource's access requirements.
Unified agent resources have default permissions set to the predefined unified agent roles. In most cases, only the role mappings need to be defined.
The predefined unified agent roles are:
uaUser – for a typical end user
uaGuest – for a temporary user
uaAnonymous – for an unauthenticated user
uaAgentAdmin – for the administrator of the Unified Agent
uaPluginAdmin – for the administrator of agent plug-ins
uaASEAdmin – for the administrator of the Adaptive Server
uaOSAdmin – for the administrator of the operating system
