Security

The Security Model

The IN Tester has a comprehensive security model that provides:

  1. Feature access based on the current security level of the user.
  2. Folder, flow and flow group access based on the user and group permissions of the folder, flow and group.

User Logins

All access to data shown in the IN Tester web interface is through the web API. The web API is accessible only to authenticated users.

User authentication is controlled by a username and password. Passwords are stored in a highly secure encrypted format designed specifically for password storage.

Users have both a feature access level and a list of one or more groups of which they are members.

Feature Access

Each user is given access to IN Tester features based on a feature security level. There are three feature security levels:

  1. Administrator. An administrator has access to all features in the IN Tester without restriction.
  2. Flow Creator. A flow creator has access to all non-admin functions of the IN Tester. Admin functions are available in the Admin menu of the GUI.
  3. Flow Executor. A flow executor can view and execute flows, but not create or change flows.

Groups

In addition to feature security levels, users belong to one or more groups. Belonging to a group will give the user access to folders, flows and flow groups with appropriate group permissions.

Each user has a default group which is used when identifying which group a newly created flow, folder or flow group should belong to.

Flow, Folder and Flow Group Permissions

Feature access is complemented by per-flow, folder and flow group permissions. The rest of this document refers to flows, folders and flow groups collectively as items. Each item is given:

Item permissions work very similarly to Unix file and folder permissions.

Note that these rules apply even to users who have the Administrator feature access level.

Environment Permissions

Each environment can be restricted to one or more groups. By default an environment is not restricted and can be accessed by all users. By using the restricted_to environment configuration element, an environment can be limited to one or more groups.