Security Examples

You can familiarize yourself with the security features by working through the security examples that are included with the Sample API.
Verify Prerequisite
Before using the following security examples, ensure you understand authentication and authorization.
Complex Permission Predicates
In the following security example, the row filter ensures that guests (users authorized for the  role) do not see orders for secret parts, such as Stealth Bolts. The row filter is a NOT IN subquery over each order's line items and their products; as written it is not correlated, because the inner select does not reference the outer orders row.
You can view an example of permissions in the Sample API.
Follow these steps:
  1. With the Sample API open, in the Secure section, click API Roles.
  2. Select the  role.
  3. Click Entity Permissions.
  4. View the row filter in Row Filter:
     "ident" not in (
       select o."ident" from "orders" o
       join "lineitems" l on l."order_ident" = o."ident"
       left join "products" p on p."name" = l."product_name"
       where p."is_secret" = true)
Assign Globals
Each user is assigned the Normal user role, which in the Sample API filters orders based on their amount. The global value referenced in the row filter specifies the exact amount for each user.
Best Practice: Assign a global to user-based rows, as shown in the Demo API Sample.
The following image (not reproduced here) shows the Lincoln, A auth token in the Sample API:
This auth token defines a  global value. The A. Lincoln user is assigned to the Normal user role. This role specifies the Access orders permission for the  table and uses the  global value in the row filter:
[Screenshot: the Normal user role's Access orders permission and its row filter]
Examine Security-Augmented SQL using the REST Lab
Verify the proper operation using logging and the REST Lab.
Follow these steps:
  1. With the Sample API open, in the Secure section, click Auth Tokens.
  2. Select the Lincoln, A authentication token.
  3. Click the .
  4. Change the logging settings , which are the typical logging settings, and then save your changes.
  5. In the Tools section, click REST Lab.
  6. Issue a GET request for the  table with the Broad access auth token by selecting the  endpoint, selecting the  table, choosing the Lincoln, A authentication token, and then clicking .
The response shows the filtered result, and the log shows the generated SQL with the role's row filter appended to the query.
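As an added example (not part of this page, the Sample API, or the product's own code), the following Python script simulates what the Complex Permission Predicates and Assign Globals sections describe and what the REST Lab log shows: a base SELECT on orders has the requesting role's row filter appended, and a global taken from the auth token supplies the amount for the Normal user filter. The Guest predicate is the one shown above (written with 1 for true, which is how sqlite stores booleans); the tables, sample rows, the Normal user predicate, the global name max_amount, and the Broad access role with its Admin token are constructed assumptions for the demo.

```python
import sqlite3

# Constructed sample schema and rows (assumption: they mirror the three
# Sample API tables the row filter joins; column names come from the
# filter on this page, everything else is made up for the demo).
SCHEMA = """
CREATE TABLE "products"  ("name" TEXT PRIMARY KEY, "is_secret" INTEGER NOT NULL);
CREATE TABLE "orders"    ("ident" INTEGER PRIMARY KEY, "amount" REAL NOT NULL);
CREATE TABLE "lineitems" ("order_ident" INTEGER NOT NULL, "product_name" TEXT NOT NULL);
"""
ROWS = {
    "products": [("Hammer", 0), ("Stealth Bolt", 1)],
    "orders": [(1, 500.0), (2, 2500.0), (3, 800.0), (4, 50.0)],
    "lineitems": [(1, "Hammer"), (2, "Hammer"), (2, "Widget"),  # Widget has no products row
                  (3, "Stealth Bolt"), (3, "Hammer")],          # order 4 has no line items
}

# Row filter per role for the "orders" table. The Guest predicate is the one
# shown on this page (sqlite spelling: 1 instead of true). The Normal user
# predicate, the global name ":max_amount" and the Broad access role are
# assumptions for the demo.
ROW_FILTERS = {
    "Guest": (
        '"ident" not in (\n'
        '  select o."ident" from "orders" o\n'
        '  join "lineitems" l on l."order_ident" = o."ident"\n'
        '  left join "products" p on p."name" = l."product_name"\n'
        '  where p."is_secret" = 1)'
    ),
    "Normal user": '"amount" <= :max_amount',
    "Broad access": None,  # no row filter: every order is visible
}

# Auth tokens: the role they carry and the globals they define (constructed).
AUTH_TOKENS = {
    "Lincoln, A": {"role": "Normal user", "globals": {"max_amount": 1000.0}},
    "Guest": {"role": "Guest", "globals": {}},
    "Admin": {"role": "Broad access", "globals": {}},
}


def augmented_sql(base_sql, role):
    """Append the role's row filter to a base SELECT that has no WHERE yet."""
    predicate = ROW_FILTERS[role]
    if predicate is None:
        return base_sql
    return f"{base_sql}\nwhere (\n{predicate}\n)"


def open_sample_db():
    """Build the in-memory sample database from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in ROWS.items():
        placeholders = ",".join("?" * len(rows[0]))
        conn.executemany(f'insert into "{table}" values ({placeholders})', rows)
    return conn


def get_orders(conn, token_name, log):
    """GET orders as the given auth token; returns the visible idents, sorted.

    The generated SQL is appended to `log`, as the REST Lab log would show it.
    Globals are passed as bound parameters, never spliced into the SQL text,
    so a value carried by a token cannot change the shape of the predicate.
    """
    token = AUTH_TOKENS[token_name]
    sql = augmented_sql('select "ident" from "orders"', token["role"])
    log.append(f"[{token_name}]\n{sql}")
    rows = conn.execute(sql, token["globals"]).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = open_sample_db()
    sql_log = []
    for name in AUTH_TOKENS:
        print(f"{name}: {get_orders(db, name, sql_log)}")
    print("\n\n".join(sql_log))
```

Compare the logged statements: the Guest statement carries the NOT IN subquery, the Lincoln, A statement carries the :max_amount placeholder, and the Admin statement carries no filter at all. Note also the effect of the left join: a line item whose product has no products row (Widget in order 2) yields NULL for is_secret, which does not satisfy is_secret = 1, so the filter hides only orders that contain a product explicitly flagged secret.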