Delegated access can be configured in the current domain on the “System Configuration” tab in the Delegated Access (COOSYSTEM@1.1:objsecdelegated) field.
The following fields are available:
If this field is set to “Yes”, “Send and Authorize” is available in the context menu of an object. The generated link contains information on the sender. When a user accesses the link, the user object is added to the property Access via Send (COOSYSTEM@1.1:objsecdelegated) using the security context of the original sender. If the original sender does not have access to the object anymore, access cannot be delegated. By adding the property Access via Send (COOSYSTEM@1.1:objsecdelegated) to an ACL, specific access privileges can be granted.
- Use by Default
If this field is set to “Yes”, selecting “Send” in the context menu of an object generates links for delegated access by default. “Send and Authorize” is not available in this case. Defaults can also be set in the user environment by setting the property Use Access via Send by Default (COOSYSTEM@1.1:usrenvdelegationdefault) to “Yes”.
- Token Expires After Minutes
In this field, an expiration time can be set in minutes. Links sent using “Send and Authorize” automatically expire after the specified time. Because the expiration time is not stored in the token, the validity of links that have already expired can be extended by changing the configuration.
- Private Key Path (.p12)
This field contains the path to the generated private key (for example C:\Program Files\Fabasoft\Components\Certificates\delegation.p12 in a Microsoft Windows environment and /opt/fabasoft/share/certificates/delegation.p12 in a Linux environment). This file has to be readable by every Fabasoft Folio Web Service. In a default installation, the private key is generated automatically. If an installation is split across multiple computers, the private key has to be stored on all servers hosting a Fabasoft Folio Web Service.
- Private Key Password
In this field the passphrase of the private key has to be entered. In a default installation, the password is generated automatically.
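
The effect of the “Token Expires After Minutes” behavior described above, shown as an added example that is not Fabasoft code: because expiry is evaluated from the current configuration, raising the value makes a link that was already rejected as expired valid again. The token layout (sender, object, issue time), the HMAC that stands in for the private-key signature, and the names issue_token and check_token are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the key in delegation.p12 (assumption: the product
# signs with its private key; HMAC keeps this sketch standard-library only).
SIGNING_KEY = b"constructed-demo-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest())


def issue_token(sender: str, obj: str, issued_at: int) -> str:
    """Hypothetical token: sender, object and issue time, but no expiry."""
    claims = {"sender": sender, "obj": obj, "iat": issued_at}
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    return payload + "." + _sign(payload)


def check_token(token: str, now: int, expires_after_minutes: int):
    """Return (ok, reason); expiry comes from configuration, not the token."""
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(payload)):
            return False, "bad signature"
        issued_at = int(json.loads(_unb64(payload))["iat"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    if issued_at > now:
        return False, "issued in the future"
    if now - issued_at > expires_after_minutes * 60:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    link = issue_token("sender@example.org", "COO.constructed.1", 1_000_000)
    ninety_minutes_later = 1_000_000 + 90 * 60
    print(check_token(link, ninety_minutes_later, 60))   # configured: 60 min
    print(check_token(link, ninety_minutes_later, 120))  # raised to 120 min
```

Under this model, increasing the configured value re-enables every outstanding link issued within the new window, so a change to this field is worth treating as an access-control change.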