An enterprise application needs a solid and flexible data protection system.
CMDBuild manages access permissions in a consistent and granular way:
- in a consistent way, because it is independent of the request source channel, be it the desktop web user interface, the REST webservice (mobile interface, Self-Service portal, etc.) or the SOAP webservice (connector, etc.)
- in a granular way, because the permissions can be defined on classes (also restricted to rows or columns), processes, views, search filters, reports, dashboards
Permissions are assigned to user groups (roles) and every user can belong to one or more roles.
User login can be done through:
- local control on the CMDBuild database
- local control of the user's presence in the CMDBuild database and password control on the LDAP system
- activation of an SSO (Single Sign On) system through:
  - LDAP server or MS Active Directory through CAS (Central Authentication Service);
  - SAML 2.0 protocol;
  - ADFS 4 (Active Directory Federation Services) via SAML protocol;
  - Header authentication delegated to authentication systems at the HTTP proxy level;
  - OAuth2 authentication (custom).
When CMDBuild is used by multiple Companies, or by Departments or independent Branches/Locations within a Company, it can be configured in Multitenant mode, allowing each Tenant to work on an isolated CMDB subdivision.
It is possible to configure both a complete division (completely separate databases) and partial divisions (some information shared by all users and other information kept separate).
The list of usable Tenants can be defined from an applicable CMDBuild class (locations, companies, customers, etc.) or from a custom database function, where complex visibility rules can be implemented.