Role/Group Based Access Control

Access to the methods or endpoints of the web service can be controlled by role or group-based authentication policy.

Figure: Role/Group Based Access Control

In order to add a Role / Group-based Access Control policy, an Authentication policy must be added first.

To define the Role / Group-based Access Control policy, the fields that are described below are entered.

  • Add Roles to Header : If the option is cheched and authorization succeed, APINIZER adds the roles of the client to “X-Authenticated-UserRoles” header.

  • Identity/Role/Group Service:

    • Authentication service is selected from the pop-up window by clicking on Click to select Authentication Service. This value can be left blank if the authorization method is JWT or OAuth2 . In this case, validation of the roles is made with the roles contained in the token.
    • By clicking on Remove Authentication-Service-Name, the existing service can be deleted and a new service can be added.
  • Roles/Groups: Write comma separated list of roles for the API.Client must have ALL or ANY (as the one selected below) of Roles/Groups defined here to access API.

  • Enable Role/Group Based Method Access: When this option is enabled, the Role or Group Information of users can be defined to access the methods of the web service. In the first input field, the role or group name is selected, and the necessity of roles in the second input field is selected.

  • Error Message Customization: The error code and error message that you want to customize for this policy is entered.

  • Click Save button to save the operation.