Multiple Users and Authentication
Any client must successfully log in to the Xpress Insight server with an authenticated set of user credentials before it can make any requests to the server.
Once a user is authenticated, the authorization system returns a set of authorities for the logged-in user. Certain authorities are required to invoke actions on the Xpress Insight server. The Xpress Insight Administrators Guide contains a full list of the built-in authorities and the actions they authorize. A user account is associated with one or more authority groups.
Each app has a list of users that are members of that app. A user must be a member of the app to access any of the content of that app. The creator of an app is granted membership automatically. The Xpress Insight Administration Interface can be used to assign membership to other users (see the Xpress Insight User and System Administrator Guide for more details).
Each folder and scenario has an owner and a share status. By default, the owner is the user who created the object, although ownership can be changed for existing objects. There are 3 levels of share status: private, read-only and full. When an object is created, it inherits the share status of its parent folder (for objects created in the app root, the share status will be private).
The share status and ownership attributes of an object dictate which users have access to the object and what actions are allowed on it. In general, only the owner of a private object can view and edit that object (the exception is a user who has the SCENARIO_ALL privilege, which grants access to any object). All members of the app can view (but not edit) read-only shared objects owned by other users. All members of an app can view a fully shared object and, if they possess the required authority to edit the object, edit it.
Share status and ownership can be set by any user who can edit the object in question.
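The rules above can be written down as a small decision model for reviewing who can reach an object. This is an added example, not Xpress Insight code: the class and function names and the EDIT_AUTHORITY_PLACEHOLDER authority are hypothetical, and it assumes that app membership is required even with SCENARIO_ALL and that every editor, including the owner, needs the edit authority.

```python
from dataclasses import dataclass
from typing import Optional

SHARE_LEVELS = ("private", "read-only", "full")  # the three levels named above
EDIT_AUTHORITY = "EDIT_AUTHORITY_PLACEHOLDER"    # hypothetical name, not a real authority

@dataclass
class User:
    name: str
    authorities: frozenset = frozenset()

@dataclass
class Obj:
    """A folder or scenario; parent=None means it was created in the app root."""
    owner: str
    parent: Optional["Obj"] = None
    share: Optional[str] = None

    def __post_init__(self):
        if self.share is None:
            # New objects inherit the parent folder's status; the app root gives private.
            self.share = self.parent.share if self.parent else "private"
        if self.share not in SHARE_LEVELS:
            raise ValueError(f"unknown share status: {self.share!r}")

def can_view(user, obj, app_members):
    if user.name not in app_members:  # assumption: membership is always required
        return False
    if user.name == obj.owner or "SCENARIO_ALL" in user.authorities:
        return True
    return obj.share in ("read-only", "full")

def can_edit(user, obj, app_members):
    if not can_view(user, obj, app_members):
        return False
    if EDIT_AUTHORITY not in user.authorities:  # assumption: needed by every editor
        return False
    return (user.name == obj.owner or "SCENARIO_ALL" in user.authorities
            or obj.share == "full")

def can_change_sharing(user, obj, app_members):
    # Share status and ownership can be set by any user who can edit the object.
    return can_edit(user, obj, app_members)

def access_matrix(users, obj, app_members):
    """Audit helper: {user name: (view, edit, change sharing)} for one object."""
    return {u.name: (can_view(u, obj, app_members), can_edit(u, obj, app_members),
                     can_change_sharing(u, obj, app_members)) for u in users}
```

Running access_matrix over the fully shared objects of an app lists every member who can also change their ownership and share status, which is the set worth reviewing when tightening access.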