OpenWGA 7.1 - OpenWGA Concepts and Features

Authorisation

Virtual user groups

Virtual user groups are groups that do not come from the authentication source of an application. OpenWGA instead issues them to users meeting certain conditions.

They are intended for use in metadata fields for document-level authorisations. Using them as names in the access control list is not appropriate. They also do not show up in any group listings for a user.

Group "*"

The star sign group includes all users. Specify a star sign "*" in any authorisation field where all users should be granted the respective right (and where an empty field would not mean the same).

Group "authenticated"

This is a virtual group that is automatically owned by all users who have successfully logged in to the authentication source. So effectively this group only excludes "anonymous".

Use this group in authorisation fields where you want the respective right to be denied for anonymous users but granted for all others.

Access level groups "accesslevel.*"

Access level groups are owned by all users who are permitted a certain access level via the ACL. There is an access level group for every access level that actually grants any access to the application. These are the group names:

  • accesslevel.reader
  • accesslevel.author
  • accesslevel.editor
  • accesslevel.manager

Users with a certain access level own the group of that access level plus the groups of all lower access levels. So a user who is granted access level "EDITOR" owns the groups "accesslevel.editor", "accesslevel.author" and "accesslevel.reader", but not "accesslevel.manager".

Use these groups in authorisation fields where you want the respective right to be bound to the ownership of a certain access level.
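The following added example models the rules above in plain JavaScript so the effect of each virtual group on an authorisation field can be checked. It is not OpenWGA code or API: the function names, the user object shape, exact string matching, and an ACL that grants anonymous the "READER" level are assumptions.

```javascript
// Model of the virtual groups described above. Illustrative only: names and
// the user object shape are assumptions, not OpenWGA API.
const LEVELS = ["reader", "author", "editor", "manager"]; // ascending order

// Virtual groups issued to a user. They are kept apart from user.groups
// because they never show up in the user's group listings.
function virtualGroups(user) {
  const groups = ["*"]; // "*" includes every user
  if (!user.anonymous) groups.push("authenticated");
  const rank = LEVELS.indexOf(String(user.accessLevel).toLowerCase());
  // Own the group of the granted level plus all lower ones. A level that
  // grants no access is not in LEVELS (rank -1) and yields no group.
  for (let i = 0; i <= rank; i++) groups.push("accesslevel." + LEVELS[i]);
  return groups;
}

// True if an entry of a non-empty authorisation field names the user, one of
// the user's real groups, or one of the virtual groups (exact match is an
// assumption). What an empty field means depends on the field; not modelled.
function fieldMatches(fieldEntries, user) {
  const names = new Set([user.name, ...user.groups, ...virtualGroups(user)]);
  return fieldEntries.some((entry) => names.has(entry));
}

// Constructed sample users. The anonymous reader assumes an ACL that grants
// anonymous the READER level.
const anon = { name: "anonymous", anonymous: true, accessLevel: "READER", groups: [] };
const editor = { name: "jdoe", anonymous: false, accessLevel: "EDITOR", groups: ["staff"] };

// Print which constructed field values admit which user.
for (const field of [["*"], ["authenticated"], ["accesslevel.reader"],
                     ["accesslevel.author"], ["accesslevel.manager"]]) {
  console.log(field[0].padEnd(20),
    "anon:", fieldMatches(field, anon),
    "editor:", fieldMatches(field, editor));
}
```

Under these assumptions "accesslevel.reader" admits an anonymous user whom the ACL lets read, while "authenticated" does not, so the two are not interchangeable in a field meant to exclude anonymous access.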