API Tutorial Lesson 08 - Managing User Rights

This lesson's sample code shows how user 'rights' are used on our transaction manager. Whenever a user is newly registered, the 'US' right (shorthand for 'User') is automatically assigned to him. Any other right that the user might need over time has to be granted to him afterwards.

Because some API calls can only be made after login by users who own specific rights, it is necessary to verify whether a user owns a given right. The 'UserRightValid' API verifies whether a certain user (identified by his e-mail address) owns a specific right. Its first parameter identifies who is retrieving the information: a user can always retrieve information about his own rights, and a strict set of rules is applied in other situations to avoid security breaches.

To assign a new right to a specific user, the 'UserRightAddAllow' and 'UserRightAddCommit' APIs must be used. They require login by another user, which we call the 'managing' user in the example depicted in the Figure. Whether the new right is successfully assigned to the specified user is decided by our single entry point engine, based on the internal rights grant table, which is explained in detail in the technical note on user rights.

