Users, Roles and Groups

The security information associated with an application must first be organized into security profiles before it can be utilized in a runtime environment. A security profile consists of a security role, one or more security groups and the associations between security identifiers (SIDs) and securable elements of an application.

Every authorized user is assigned a security role during security configuration, and each role is associated with a number of security groups. Each security group is associated with a number of security identifiers. A security identifier represents a securable element of IBM Cúram Social Program Management, for example a method or a field. The role, group and identifier information is stored in the database in a number of tables and is configured using the application Data Manager or the Cúram Administration screens.

This data structure makes it possible to authorize every user against any secured element of an application. This is a powerful and flexible method of providing authorization to Cúram users.

A minimum set of SIDs is required for a user to operate the Social Program Management Platform application. These SIDs are associated with the out-of-the-box BASESECURITYGROUP group. To identify the list of these SIDs, consult the EJBServer/components/core/data/initial/handcraftedscripts/Supergroup.sql file, which links the SIDs to BASESECURITYGROUP out of the box.

A simple way to ensure that all users have the privileges from this set of SIDs is to create a single security group for them and then associate that security group with every security role in the system.
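The following is an added example, not Cúram code: it models the user, role, group and SID chain described above and audits which roles would leave their users without the minimum SID set. The in-memory dictionaries stand in for the database tables, and every user, role, group other than BASESECURITYGROUP, and SID name is a constructed placeholder.

```python
from typing import Dict, Set

# Constructed sample data (assumption): not real Cúram users, roles or SIDs.
USER_ROLE: Dict[str, str] = {"alice": "CASEWORKER", "bob": "AUDITOR"}
ROLE_GROUPS: Dict[str, Set[str]] = {
    "CASEWORKER": {"BASESECURITYGROUP", "CASEGROUP"},
    "AUDITOR": {"REPORTGROUP"},  # base group was never linked to this role
}
GROUP_SIDS: Dict[str, Set[str]] = {
    "BASESECURITYGROUP": {"Sample.login", "Sample.readHomePage"},
    "CASEGROUP": {"Sample.createCase"},
    "REPORTGROUP": {"Sample.runReport"},
}
BASE_GROUP = "BASESECURITYGROUP"


def effective_sids(role: str) -> Set[str]:
    """Union of the SIDs of every group associated with the role."""
    sids: Set[str] = set()
    for group in ROLE_GROUPS.get(role, ()):
        sids |= GROUP_SIDS.get(group, set())
    return sids


def is_authorized(user: str, sid: str) -> bool:
    """Resolve user -> role -> groups -> SIDs; unknown users are denied."""
    role = USER_ROLE.get(user)
    return role is not None and sid in effective_sids(role)


def roles_missing_base_sids() -> Dict[str, Set[str]]:
    """Map each role to the minimum SIDs its users would lack."""
    required = GROUP_SIDS[BASE_GROUP]
    report: Dict[str, Set[str]] = {}
    for role in ROLE_GROUPS:
        missing = required - effective_sids(role)
        if missing:
            report[role] = missing
    return report


if __name__ == "__main__":
    for role, missing in sorted(roles_missing_base_sids().items()):
        print(f"{role}: missing {sorted(missing)}")
```

The audit compares effective SIDs rather than group membership, so a role that obtains the minimum set through a different group is not flagged.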