API Server determines what authenticated API calls have permissions to do by looking at the roles assigned to the auth token. The following sections explain the basic facilities.
Role-based access control (RBAC) provides authorization control over what table, view, procedure, resource, and meta table REST endpoints are visible to which roles. You can also control a role's permissions to call specific function-based endpoints, specific entity-based endpoints, and resource-based endpoints.
Globals are variables that CA Live API Creator makes available to each transaction so that they can determine what data the user should have access to.
Auth Token Globals
In most cases, your authentication provider makes the values of the authentication token available as globals (for example, the LoginId global), with the exception of the password. In addition, your authentication provider can return a set of global values. For example, scalar values such as UserName and objects such as a database row (for example, retrieved by the
Built-in Authentication Provider Globals
The built-in authentication provider provides the user_identifier variable for the _apikey system global. For example:
For more information about auth tokens, including the user_identifier apikeys API creation endpoint attribute, see Auth Tokens.
API Creator predefines the following globals, sets them for every transaction, and references the predicate:
System Global Name
The auth token ( ) object currently in use.
The API currently in use.
The account currently in use.
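
The flow described above (token values exposed as globals without the password, and roles on the auth token deciding which endpoints and rows are visible) can be modeled as follows. This is an added example, not CA Live API Creator code: the function names, the role table, the endpoint strings and all sample data are constructed assumptions; only LoginId, UserName, _apikey and user_identifier come from the page.

```javascript
// Simplified model, not CA Live API Creator code. Names and data are constructed.
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Token values and provider-returned values become globals, never the password.
function buildGlobals(provider, authToken) {
  const globals = {};
  for (const src of [provider.tokenValues, provider.extraGlobals || {}]) {
    for (const [name, value] of Object.entries(src)) {
      if (name.toLowerCase() !== 'password') globals[name] = value;
    }
  }
  // System global set last so a provider-returned value cannot overwrite it.
  globals._apikey = Object.freeze({ user_identifier: authToken.user_identifier });
  return Object.freeze(globals);
}

// Constructed role table: endpoint -> row filter over globals (null = all rows).
const ROLES = {
  'Sales Rep': { 'GET orders': (row, g) => row.salesRep === g.LoginId },
  'Manager': { 'GET orders': null, 'GET employees': null },
};

// Default deny: the call is allowed only if a role on the auth token grants it.
function authorize(authToken, call, rows, globals) {
  const grants = authToken.roles
    .filter((role) => own(ROLES, role) && own(ROLES[role], call))
    .map((role) => ROLES[role][call]);
  if (grants.length === 0) return { allowed: false, rows: [] };
  const all = grants.some((f) => f === null);
  const visible = all ? rows : rows.filter((r) => grants.some((f) => f(r, globals)));
  return { allowed: true, rows: visible };
}

// Constructed sample input.
const provider = {
  tokenValues: { LoginId: 'alice', password: 'constructed-secret' },
  extraGlobals: { UserName: 'Alice Example' },
};
const token = { user_identifier: 'alice', roles: ['Sales Rep'] };
const orders = [{ id: 1, salesRep: 'alice' }, { id: 2, salesRep: 'bob' }];

const globals = buildGlobals(provider, token);
console.log(globals);
console.log(authorize(token, 'GET orders', orders, globals));
console.log(authorize(token, 'GET employees', [], globals));
```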