Maintaining Resources
A resource is an entity within the system that can be used.
Resource Scope
Resources exist at instance level and are inherent to the system, although custom resources can also be created at instance level. An instance contains multiple resources.
Resources can be classified by type:
- Application—An application that resides on the main menu or the quick launch menu
- Class Attribute—A specific property of the objects managed by the class services
- Class Method—An action or service that is called from the applications
- File—A file on the file server
- Job type—A specific resource that can control the permissions to act on the various job types available within the laboratory.
Use of Resources
A resource is the lowest level of the security permissions. Without authorisation to access a resource, the related entity is not available.
Applying Security Changes
Three security-related caches are used by the system: the authorisation cache, authorised applications, and core CCLAS securities.
Note: There is an 8-hour cache period for each of these security-related caches. Changes to security do not come into effect until after this cache period expires, and even then, where security permissions are changed for a user, the old security permissions still apply until the user logs in again.
When any of the following actions succeeds, the security-related caches are cleared:
- Assign Role to User
  assignRole(Role role, Scope scope, String userName)
- Un-assign Role from User
  unassignRole(Role role, Scope scope, String userName)
- Save attribute (the Resource attribute AT)
  saveAttribute(AttributeConfiguration attribute)
- Grant access (permission) to a Resource for a Right
  grantRightResourceAccess(Right right, SecuredResource resource, String permission)
- Revoke Application access for a Right
  revokeRightApplicationAccess(Right right, String applicationName)
- Revoke access to a Service for a Right (the term Class is used for Service in the logic)
  revokeRightClassAccess(Right right, String className)
- Revoke access to an Attribute for a Right
  revokeRightAttributeAccess(Right right, String className, String attributeName)
- Revoke access to a Resource for a Right
  revokeRightResourceAccess(Right right, SecuredResource resource)
- Add Right to Role
  addRightToRole(Role role, Right right)
- Remove Right from Role
  removeRightFromRole(Role role, Right right)
In multi-server environments, the security-related caches are cleared only on the server that the ADMIN user (the user making the security permission changes) is logged in to. If the user whose security permissions are changed is logged in to another server, the 8-hour cache period must expire on that server before the security changes come into effect.
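
The timing described in this section, as an added Python model that is not CCLAS code: each server holds its own cache with the 8-hour period, and a successful change clears the cache only on the ADMIN user's server. The class and function names, the user analyst1 and the right JOB_APPROVE are constructed, and the model assumes that a session keeps the permissions it read at login, including after a cache clear.

```python
from dataclasses import dataclass, field
from typing import Optional

CACHE_PERIOD_H = 8.0  # cache period stated on the page, in hours

@dataclass
class Server:
    """Model of one server's security-related cache (constructed, not CCLAS code)."""
    store: dict                       # shared permission store: user -> set of rights
    cached: dict = field(default_factory=dict)
    loaded_at: Optional[float] = None

    def login(self, user, now):
        # Reload from the store only when the cache is empty or the period has expired.
        if self.loaded_at is None or now - self.loaded_at >= CACHE_PERIOD_H:
            self.cached = {u: set(r) for u, r in self.store.items()}
            self.loaded_at = now
        # Assumption: a session keeps what it read at login until the next login.
        return frozenset(self.cached.get(user, set()))

    def clear_caches(self):
        self.loaded_at = None

def revoke(store, admin_server, user, right):
    """A successful change updates the store and clears the admin's server only."""
    store[user].discard(right)
    admin_server.clear_caches()

def first_effective_login(server, user, right, login_times):
    """Return the first login time whose session no longer holds `right`."""
    for t in login_times:
        if right not in server.login(user, t):
            return t
    return None

def scenario():
    store = {"analyst1": {"JOB_APPROVE"}}          # constructed user and right
    admin_srv, other_srv = Server(store), Server(store)
    admin_srv.login("analyst1", 0.0)               # both caches filled at t = 0 h
    other_srv.login("analyst1", 0.0)
    revoke(store, admin_srv, "analyst1", "JOB_APPROVE")   # ADMIN is on admin_srv
    logins = [1.5, 4.0, 7.9, 8.0, 9.0]             # hours at which the user logs in again
    return (first_effective_login(admin_srv, "analyst1", "JOB_APPROVE", logins),
            first_effective_login(other_srv, "analyst1", "JOB_APPROVE", logins))

if __name__ == "__main__":
    print(scenario())
```

With these constructed login times, the revocation is first seen at 1.5 h on the ADMIN user's server and only at 8.0 h on the other server, where every earlier login still receives the old permission.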
