Security Resource Mapping
- Last UpdatedMar 12, 2021
- 2 minute read
Resource Mapping are pre-defined groups with their own set of rights that are applicable to the users, who are a part of these groups. Resources can be added to the groups either individually or added based on their roles.
Mapping users or roles in the security groups defined for that repository is known as security resource mapping.
A repository can be mapped to any of the following Resource Provider:
-
Active Directory
-
Forms
-
ASP.NET membership
-
List
Default Resource Mapping to Security Groups
-
Administrator Mapping - Admin should be configured while creating repository.
-
Default Mapping - By default, the Admin is mapped to Administrator security group and all created users are mapped to Limited Access security group.
-
If the resource mapping does not exist for a user then that user will be a part of the 'Everyone' role.
-
By default, the 'Everyone' role is mapped to Limited Access security group. If resource mapping does not exist for a user then the rights defined for limited access will be applied to that user.
-
Role(s)/Individual user(s) can be mapped to different Security Groups at the Global, List or List Item level. The users will have access rights to the entities as defined in the Security Group.
-
While mapping Roles to Security Groups, there is an option to set a priority number. In case a user is part of multiple roles and these roles are mapped to different Security Groups, then the security will take effect based on the priority number. The Role mapping with the least priority number to the security group will the effective security group for the user.
-
The mapping defined at the lower level will take precedence over any mapping defined above it. Hence, a mapping done at the List level will override any mapping done at the Repository level. Similarly, mapping done at the List item level will override any mapping done at the List or Repository level.