Most logical roles are defined by MBO modelers or.
MBO modelers define logical roles in their models, either at the MBO or operation level:
- When logical roles are assigned to an MBO, that defines the role based access control (RBAC) policy for who can read data from that MBO.
- When logical roles are assigned to an MBO operation, it defines the policy for who can execute that operation.
After the MBO is deployed to a production Unwired Server, an Unwired Platform administrator may create the logical and physical role mappings. This usually occurs after consulting both:
- The MBO application developer to understand which logical roles are meant to protect access.
- The backend security administrator to understand which physical roles are available.
After such consultation, the platform administrator may deem it appropriate to create new backend roles and assign subjects to them to get appropriate groupings.
In the absence of explicit mapping, the default role mapping is set to AUTO, which is equivalent of logical role mapping to a physical role of the same name, in the underlying provider of that security configuration.