Working with Claims from an OAuth2 domain
Claims are key/value pairs that contain information about a user. Bearer tokens carry the Claims against which TDV policies are applied to control access to specific data from the published TDV resources.
All the TDV functionalities supported by Domain Groups are also supported by Claims (for example, setting Resource Rights and Privileges, Row-Based and Column-Based Security Policy Assignments, Workload Management, and so on). Refer to the Administration Guide for details about these functionalities.
Claims can be registered to an OAuth2 domain in TDV using the “Add Claim” option from the “Claim Management” screen. To do this:
1. From the SECURITY tab, choose Claim Management.
2. Enter the Domain Name.
3. Enter the Claim Name. You can get the claim name from your Identity Provider.
4. Assign Rights and Privileges as needed.
Alternatively, you can define the “Claim Info JSON” field while creating the domain and then use the “Edit External Claims” option on the Domain Management page to add the claims to your domain.
When the Edit or Add External Claims window is displayed, the currently available OAuth2 Claims are displayed, and those Claims already selected for use within TDV are shown with a marked check box.
After adding an OAuth2 Claim to TDV, rights can be assigned and data sources can define privileges for the Claim to use resource definitions and data. In other words, Claim membership dictates the rights and privileges to use the TDV resources.
Adding a Claim to an OAuth2 Domain
Adding claims to an OAuth2 domain gives the TDV system a way to support differentiated access to, and use of, TDV-defined resources for selected claims without including the entire domain. Claims are essentially principals recognized by the domain.
Set appropriate rights and privileges for OAuth2 Claims in the same way that TDV groups and users are assigned rights and privileges. Privileges are assigned to Claims at the individual resource level so that data can be accessed through JDBC, ODBC, or Web services clients.
See Managing Security for TDV Resources for more information on assigning Rights and Privileges and defining Row-Based Security rules. Claims are analogous to TDV Groups, except that no individual users belong to a Claim. The Claim itself acts as an identity, together with its signature, which is verified before access to protected data is granted.
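The access model described above (a signed bearer token carries claims, only claims registered in the domain carry privileges, and the signature is checked before anything is granted) as an added illustration; this is not TDV's code. It assumes a constructed HS256 shared key, a constructed claim registry keyed by (claim key, claim value), and one constructed resource.

```python
import base64
import hashlib
import hmac
import json

SHARED_SECRET = b"constructed-demo-hmac-key"  # constructed demo key, not a TDV value
# Claims registered in the domain, as (claim key, claim value), and the privileges
# assigned to each on one constructed resource. Unregistered claims grant nothing.
REGISTERED_CLAIMS = {
    ("role", "analyst"): {"READ"},
    ("role", "admin"): {"READ", "WRITE"},
}

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(payload: dict) -> str:
    # Constructed identity-provider side: issue an HS256-signed bearer token.
    header = _b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(SHARED_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_token(token: str):
    # Return the claims only if the algorithm and signature check out, else None.
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, body, sig = parts
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        return None
    expected = hmac.new(SHARED_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    return json.loads(_b64url_decode(body))

def privileges_for(token: str) -> set:
    # Union of the privileges of every registered claim present in a verified token.
    claims = verify_token(token)
    if claims is None:
        return set()
    granted = set()
    for key, value in claims.items():
        for v in (value if isinstance(value, list) else [value]):
            if isinstance(v, str):
                granted |= REGISTERED_CLAIMS.get((key, v), set())
    return granted
```

A token whose body is altered after signing, or whose header claims a different algorithm, yields no privileges at all rather than a partial grant.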
To add a claim from an OAuth2 domain
1. In Manager, choose SECURITY > Claim Management.
2. Choose your domain and click the Add Claim button.
3. In the Add Claim window, type your OAuth2 domain name in the Domain Name field.
4. Type your Claim name.
5. Choose the appropriate Rights and Privileges.
Removing a Claim from an OAuth2 Domain
Removing a claim from an OAuth2 domain deletes the OAuth2 claim and all implicit rights and privileges on the TDV Server.
To remove a claim from an OAuth2 domain
1. In Manager, choose SECURITY > Claim Management.
2. Choose your OAuth2 Domain from the drop-down.
3. Choose the Claim that you want to remove.
4. Click the Remove Claim button to remove the claim.
Viewing Claim Membership
The TDV administrator with Read All Users right can review and monitor Claim membership from the Manager.
To view a Claim membership in an OAuth2 domain
1. In Manager, choose SECURITY > Claim Management.
2. Click the Claim that you want to view, then click Edit Claim to view or edit the Rights and Privileges assigned to that Claim.