Roles

Logical roles provide authorization for mobile business objects during development and physical roles control the access to back-end data sources during runtime.

There are two types of roles:

• Logical roles – defined and used within the development environment to provide security to mobile business objects (MBO) and MBO operations during development, and eventually mapped to physical roles during deployment. Mobile device users have no interaction with logical roles.
• Physical roles – enterprise-oriented and managed by the Unwired Server administrator or through some other enterprise security provider. Physical roles control the access to the back-end data sources of an MBO during runtime.

When deploying MBOs to Unwired Server, you can map logical roles to existing physical roles that are located on the Unwired Server. The mapping transfers authorization and other properties from the physical role to the logical role.

The need for role mapping exists because, in most cases, any role-based authorization used while developing an MBO is invalid after the MBO is deployed to the Unwired Server, since it is likely the Unwired Server uses a different security mechanism, or set of roles, or the data source changes and uses different authorization than used during development.

If development and Unwired Servers use the same set of roles, you can map the logical role name directly to the physical role when deploying the MBO.

The Roles folder contains user-defined roles that can be modified and reused.

---

Created September 17, 2009. Send feedback on this help topic to Sybase Technical Publications: pubs@sybase.com