Security
The Security Model
The IN Tester provides a comprehensive security model that provides:
- Feature access based on the current security level of the user.
- Folder, flow and flow group access based on the user and group permissions of the folder, flow and group.
User Logins
All access to data shown in the IN Tester web interface is through the web API. The web API is accessible only to authenticated uses.
User authentication is controlled by a username and password. Passwords are stored in a highly secure encrypted format designed specifically for password storage.
Users both have a feature access level, and a list of one or more groups which they are part of.
Feature Access
Each user is given access to IN Tester features based on a feature security level. There are three feature security levels:
- Administrator. An administrator has access to all features in the IN Tester without restriction.
- Flow Creator. A flow creator has access to all non-admin
functions of the IN Tester. Admin functions are available in
the
Admin
menu of the GUI. - Flow Executor. A flow executor can view and execute flows,
but not create or change flows.
Groups
In addition to feature security levels, users belong to one or more groups. Belonging to a group will give the user access to folders, flows and flow groups with appropriate group permissions.
Each user has a default group which is used when identifying which group a newly created flow, folder or flow group should belong to.
Flow, Folder and Flow Group Permissions
Feature access is complimented with per-flow, folder and flow group permissions. Collectively the rest of this document will refer to flows, folders and flow groups as items. Each item is given:
- A user who is the owner of the item.
- A group who is the group owner of the item.
- Permissions that identify the level of access the owner, the group and others have to the item. Permissions for each of these three groups may be set up to provide, read, write and/or execute access to the item.
Item permissions are very similar to how unix file and folder permissions work.
Note that even users who are given the feature level access of Administrator are governed by these rules.
Environment Permissions
Each environment can be restricted
to one or more groups. By default an environment is not restricted
and can be acccessed by all users. By using the restricted_to
environment configuration element, an environment can be limited
to one or more groups.