A security role is a collection of user accounts sharing the same permissions. Roles can be used in Access Control Lists (ACL) to specify who can access the given resource.
The ACL specifies whether the role is allowed to:
- Create the resource
- Read the resource
- Update the resource
- Delete the resource
A user account can be assigned only a single role. If you need to grant more permissions to one or more user accounts, assign them a new role and then update each resource's ACL to specify the new role's permissions for it.
Telerik Platform provides two system roles to facilitate the security mechanism: Anonymous and Owner, but you can create as many additional roles as you need.
The Anonymous role is a system role used to define permissions for unauthenticated requests (including requests that carry invalid credentials).
Be extremely careful about the permissions you assign to the Anonymous role: granting it even read permission on a sensitive content type can compromise your security.
In Telerik Platform, every data item can have an owner who is a valid registered user. The Owner system role is used to define permissions for item owners.
When the Owner is granted a certain permission, it applies to all items that they own, even if the content type permissions deny access to them.
The user account that creates an item automatically becomes its owner. The owner can be changed only by the owner themselves or with Master Key authorization.
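The following is an added example that models the ACL semantics described above (per-role create/read/update/delete permissions on a content type, the Anonymous fallback for unauthenticated or badly authenticated requests, and the Owner override). It is illustrative code, not the Telerik Platform SDK: the content-type names, the ACL object shape, the `session` and `item` objects, and the `anonymousExposure` review helper are all assumptions made for this demo.

```javascript
// Added example: a model of Telerik Platform role-based ACL evaluation.
// Not the platform's SDK; all data shapes below are assumptions for this demo.

const SYSTEM_ROLES = Object.freeze({ ANONYMOUS: 'Anonymous', OWNER: 'Owner' });
const OPERATIONS = Object.freeze(['create', 'read', 'update', 'delete']);

// Constructed sample: content-type ACLs keyed by role name. Each role lists the
// operations it may perform on items of that content type.
const contentTypeAcls = {
  Articles: {
    Anonymous: ['read'],
    Registered: ['read', 'create'],
    Premium: ['read', 'create'],
    Owner: ['read', 'update', 'delete'],
  },
  PaymentDetails: {
    // Anonymous deliberately absent: unauthenticated requests get nothing here.
    Registered: [],
    Owner: ['read', 'update'],
  },
};

// Resolve the role a request is evaluated under. Unauthenticated requests and
// requests with invalid credentials both fall back to the Anonymous system role.
function effectiveRole(session) {
  if (!session || !session.authenticated) return SYSTEM_ROLES.ANONYMOUS;
  return session.role;
}

function roleAllows(acl, role, operation) {
  const ops = acl[role];
  return Array.isArray(ops) && ops.includes(operation);
}

// Decide whether a request may perform `operation` on `item` of `contentType`.
// Owner permissions apply to items the user owns even when the permissions of
// the user's own role deny the operation. Modelling assumption: the Owner role
// never applies to 'create', because the item does not exist yet.
function isAllowed(contentType, operation, session, item) {
  if (!OPERATIONS.includes(operation)) throw new Error(`unknown operation: ${operation}`);
  const acl = contentTypeAcls[contentType];
  if (!acl) return false; // unknown content type: deny by default
  if (roleAllows(acl, effectiveRole(session), operation)) return true;
  const isOwner = Boolean(session && session.authenticated && item && item.owner === session.userId);
  return isOwner && operation !== 'create' && roleAllows(acl, SYSTEM_ROLES.OWNER, operation);
}

// Configuration review helper: list every content type on which the Anonymous
// role holds any permission, so sensitive types can be checked deliberately.
function anonymousExposure(acls) {
  return Object.keys(acls)
    .filter((ct) => (acls[ct][SYSTEM_ROLES.ANONYMOUS] || []).length > 0)
    .map((ct) => ({ contentType: ct, operations: acls[ct][SYSTEM_ROLES.ANONYMOUS] }));
}
```

Running `anonymousExposure(contentTypeAcls)` on the constructed ACLs reports only `Articles`, which is the review a team would do before shipping a content type that holds sensitive data.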
In addition to the system roles, you can create custom roles to meet your application's requirements. Managing custom roles requires adding the User Management service.
Each new Telerik Platform application comes with a single predefined custom role, Registered, but you can define as many custom roles as you need.
One of the custom roles is always set as default for the application. It is automatically assigned to newly registered users unless another is specified in the registration request. The initial default role is the Registered role.
Although you can specify a role other than the default in your registration request, it will not take effect unless you use Master Key authentication. Using Master Key authentication in your application is not recommended because it exposes your application's master key, which is a security risk. Instead, create the user account with the default role and then set the role that you want using the Telerik Platform portal.
A good use-case for custom roles is to have Registered and Premium roles, where you assign users to the Premium role when they make an in-app purchase. This way you can provide them with access to exclusive content only available to paying customers.
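As an added example covering the custom-role rules above (one role per account, the default role applied at registration, a requested role honoured only under Master Key authorization, and role changes made out of band rather than with the master key inside the app), the following models that flow. It is not the Telerik Platform SDK or portal: the in-memory user store, the `auth` and `actor` descriptors with their `kind` values, and the role registry are assumptions made for this demo.

```javascript
// Added example: a model of custom-role assignment rules. Not the platform's
// API; the user store, auth descriptors and role registry are demo assumptions.

const customRoles = new Set(['Registered', 'Premium']); // constructed custom roles
const defaultRole = 'Registered';

// Constructed in-memory user store; each user record holds exactly one role.
const users = new Map();

// Decide which role a new registration receives. A role named in the request
// takes effect only under Master Key authorization (auth.kind === 'masterKey',
// an assumed descriptor); otherwise the application's default role applies.
function roleForRegistration(requestedRole, auth) {
  const masterKey = Boolean(auth && auth.kind === 'masterKey');
  if (requestedRole !== undefined && masterKey && customRoles.has(requestedRole)) {
    return requestedRole;
  }
  return defaultRole;
}

function registerUser(username, requestedRole, auth) {
  if (users.has(username)) throw new Error(`user already exists: ${username}`);
  const user = { username, role: roleForRegistration(requestedRole, auth) };
  users.set(username, user);
  return user;
}

// Role changes after registration are made from an administrative context (the
// portal, per the text), never with the master key embedded in the app. The
// actor descriptor with kind 'portalAdmin' is an assumption for this demo.
function setUserRole(username, newRole, actor) {
  if (!actor || actor.kind !== 'portalAdmin') {
    throw new Error('role changes require portal administration');
  }
  if (!customRoles.has(newRole)) throw new Error(`unknown role: ${newRole}`);
  const user = users.get(username);
  if (!user) throw new Error(`no such user: ${username}`);
  user.role = newRole; // replaces the previous role: an account has one role only
  return user;
}

// Example flow from the text: the app registers a user with the default role;
// an in-app purchase is then reflected by promoting the account to Premium
// from the administrative side.
function upgradeAfterPurchase(username, actor) {
  return setUserRole(username, 'Premium', actor);
}
```

Because `roleForRegistration` ignores the requested role for any non-master-key request, a client that tries to self-register straight into `Premium` still lands in `Registered`, which is the behaviour the text describes.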