Skip to content

Security

Access Keys

Access keys work on a model where the Account, Template and Document all have a 'key'. Access is granted to the Template or Document based on a match with the Account key. The Account key has a set of CRUD (Create/Read/Update/Delete) rights which determine the actions that can be taken on the document. The Account, Template and certain components have the capacity to create Keys on a related document via the 'AttachKeys' array.

The model is simple but very scalable.

Simple Document/Template Access:

Here, Jim has an account key of 123 and Jill has an account key of 124. Jim will have access to the template (key 123). The template will write the attach key (123) to the document and hence Jim will have access to the document (key 123). Jill will not have access to either the template or the document as neither have the matching key (124)

alt text

Restricted Template Access:

Here we might wish to restrict access to the template so that only certain employees can create new jobs. This scenario may apply to an organisation with contractors for example.

Jim has an account key of 123 and Jill has an account key of 124. Jim will have access to the template (key 123). The template will write the attach key 123 AND key 124 to the document and hence Jim will have access to the document (key 123). Jill will have access to the document (key 124), but NOT the template that produced it (key 123).

alt text

Restricted Document Access:

Here we might wish to restrict access to the document so that only certain employees can view a document. This scenario may apply to sensitive documents within an organisation such as personal records / complaints etc.

Jim has an account key of 123 and an attach key of 125. Jim has access to the template (key 123) and when that template produces a document, Jim's attach key (125) is written to the document along with the key 124. Jill is in the HR department and has an account key of 123 and 124 (as well as her own attach key). This enables Jill to access the template (key 123), the document (key 124) and create her own private document with key 126. Steve has an account key of 123 and his own attach key of 127. Steve can access the template with key 123, but will not be able to access the private document of Jim.

alt text

Application permission decision flow