Permissions are the types of access that security principals have on securables. Before a user can read, write, or perform any specific operation on a securable, the Client Service always performs an authorization check. This check verifies whether the user has one or more permissions effectively granted for the securable being accessed.
HsM defines two types of permissions: system permissions and customer permissions.
• A customer permission that is assigned to customer securables (via a role) applies to that customer and may apply to related customers via role assignment inheritance.
• A customer permission that is assigned to the system securable (via a role) applies to all customers in the system.
• A system permission that is assigned to the system securable (via a role) applies to the system.
• A system permission that is assigned to customer securables (via a role) will not have any effect.
Permissions are never granted to users directly but only via role assignments.
Permissions are defined by HsM and cannot be modified by users of the system. As the list of permissions is evolving, it is best documented via the Standard API.
Permissions are uniquely identified by their permission code, which is a string matching the regex pattern ^[A-Z0-9_]{3,100}. The permission code expresses the purpose or usage of the permission. Permission codes are always in English and are not translated. Permissions may have an associated description that describes the purpose or usage of the permission in further detail.
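The scoping rules and the permission code format above, modeled as a default-deny check. This is an added example, not HsM code or its API: the class and function names, the role names, permission codes and customer ids are constructed, the permission code is assumed to have to match the pattern in full, and role assignment inheritance between related customers is not modeled.

```python
import re
from dataclasses import dataclass

# Pattern from the page; matching the whole string is an assumption here.
CODE_RE = re.compile(r"[A-Z0-9_]{3,100}")
SYSTEM = "SYSTEM"  # constructed id for the single system securable

@dataclass(frozen=True)
class Permission:
    code: str
    kind: str  # "system" or "customer"

    def __post_init__(self):
        if not CODE_RE.fullmatch(self.code) or self.kind not in ("system", "customer"):
            raise ValueError(f"invalid permission: {self.code!r} ({self.kind!r})")

@dataclass(frozen=True)
class RoleAssignment:
    principal: str
    role: str
    securable: str  # SYSTEM or a customer id

def is_authorized(principal, code, target, roles, assignments):
    """True if principal effectively holds code on target (SYSTEM or a customer id)."""
    for a in assignments:
        if a.principal != principal:
            continue
        for perm in roles.get(a.role, ()):
            if perm.code != code:
                continue
            if perm.kind == "system":
                # Effective only on the system securable; a system permission
                # assigned on a customer securable has no effect.
                if a.securable == SYSTEM and target == SYSTEM:
                    return True
            elif target != SYSTEM and a.securable in (SYSTEM, target):
                # Customer permission: assigned on SYSTEM it covers every
                # customer, otherwise only the customer it was assigned on.
                return True
    return False  # default deny: permissions arrive only via role assignments

# Constructed sample data (not real HsM roles, codes or customers).
ROLES = {"SysAdmin": {Permission("SYSTEM_CONFIG_WRITE", "system")},
         "Reader": {Permission("DOCUMENT_READ", "customer")}}
ASSIGNMENTS = [RoleAssignment("alice", "Reader", "cust-A"),
               RoleAssignment("bob", "Reader", SYSTEM),
               RoleAssignment("carol", "SysAdmin", "cust-A"),  # no effect
               RoleAssignment("dave", "SysAdmin", SYSTEM)]
```

An assignment like carol's is worth flagging in a role review: it grants nothing, which usually means the role was attached to the wrong securable.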