Verification and authorization security features are enabled on
ESCWA through its ESF configuration. This means that for any given user, they are challenged to login to
ESCWA through a verification process and their level of access will be determined through authorization. Therefore you will require
the following:
- An ESF configuration that contains an ESM stack.
- The ESM stack will include at least one ESM which is either an LDAP or VSAM based security manager. This ESM will be used
for resource checks which will determine authorization.
- There must be a list of resource classes which contain resource entities.
- When
ESCWA makes authorization checks using the LDAP or VSAM ESM, it will check the
Common Web Administration resource class and whichever relevant resource entity is contained within it.
- As part of the ESF configuration, a user will be a member of a group and users and groups will be referenced in the resource
entity ACL strings.
- The authorization is performed by checking ACEs within an ACL string. ACEs contain references to users, groups, and permission
levels.
With the addition of the
Role Tasks resource class, new resource entities have been added which
ESCWA can check for authorization.