Unwired Server requires administrators to configure a security provider for device users. The production environment for your device applications may require you to create multiple security configurations of different types of providers.
Use Sybase Control Center to configure security providers for device user security.
For example, a company sales employee needs to look up a client's phone number in a phone book device application. This authentication sequence allows the sales employee to access data from the phone book application:
- The employee tries to open the application, which prompts for a user name and password, which is local to the device, and not explicitly tied to a corporate security account.
- The first time the application is opened, the employee must synchronize the customer MBO to access the client phone number.
- Unwired Server gets an authentication request.
- Unwired Server sends the request to the authentication provider that processes the login credentials.
- The provider checks the user name and password against information stored in the authentication repository, in this case, an LDAP directory server on the corporate LAN.
- The directory server evaluates the access policy to see if the authenticated user has permission to access this client's contact information.
- If the login request is valid, the user is authenticated. Because the employee has the correct access privileges, Unwired Server is notified and the resource request is fulfilled.
Note: The granularity of access control checks is at the MBO-class or MBO-operation level. Therefore, if the user has access to one customer record, he or she can access all customer records.
- If the login request is invalid, an error is generated and authentication fails.
For example, a user needs to access a client application locally, without a connection to the Unwired Server. The application uses the offline authentication method from the package database class to authenticate against the last successfully authenticated credentials.
- The user tries to open the application, which prompts for a user name and password, which is local to the device, and not explicitly tied to a corporate security account.
- The first time the application is opened, the offline authentication method verifies with the client database whether those credentials are valid.
- If the user name and password are correct, the method returns successfully and the user is authenticated. The user accesses the client application locally.
- If the login request is invalid, an error is generated and authorization fails.
- If the credentials are invalid, an error is generated and authentication fails.
- If the user doesn't have a required role, an error is generated and synchronization fails.
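The online sequence and its failure outcomes can be modeled in a few lines. This is an added example, not Unwired Server code or its API: the in-memory directory stands in for the LDAP server, and the user names, role name, PBKDF2 storage, deny-by-default rule and handle_sync function are all assumptions made for illustration. It also shows the effect of the granularity note: the record identifier never enters the decision.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # Assumed storage format: salted PBKDF2-HMAC-SHA256
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _entry(password, roles):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "roles": set(roles)}


# Constructed stand-in for the LDAP directory (hypothetical users and roles)
DIRECTORY = {
    "sales1": _entry("correct horse", ["SalesRep"]),
    "temp1": _entry("battery staple", []),
}

# Role required per (MBO class, operation); there is no per-record entry
REQUIRED_ROLE = {("Customer", "read"): "SalesRep"}

# Used for unknown users so both failure paths do the same hashing work
_DUMMY = _entry("unused", [])


def handle_sync(user, password, mbo_class, operation, record_id):
    """Return the outcome of one synchronization request."""
    entry = DIRECTORY.get(user, _DUMMY)
    matches = hmac.compare_digest(_hash(password, entry["salt"]), entry["hash"])
    if not matches or user not in DIRECTORY:
        return "authentication failed"
    role = REQUIRED_ROLE.get((mbo_class, operation))
    # Assumption: an operation with no mapping is denied by default
    if role is None or role not in entry["roles"]:
        return "synchronization failed"
    # record_id is never consulted: the check is per MBO class and operation,
    # so a user allowed to read one Customer record can read all of them
    return "synchronized"


if __name__ == "__main__":
    print(handle_sync("sales1", "correct horse", "Customer", "read", 1))
    print(handle_sync("sales1", "correct horse", "Customer", "read", 999))
    print(handle_sync("temp1", "battery staple", "Customer", "read", 1))
    print(handle_sync("sales1", "wrong", "Customer", "read", 1))
```

If per-record restrictions are required, they have to be enforced somewhere other than this class-level check, for example in the back-end data source.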