Complete the following steps for the workspace level check.
Procedure
- Determine if the Principal has System Administrator permissions at the system level. If yes, consider that Principal authorized.
This check is an optimization from executing the rest of the checks.
- Identify the target concrete workspace from the access context.
- Check if the workspace is explicitly associated to the Principal. If no, skip to step 6 of this procedure.
- Obtain overridden permissions for the Principal on the target workspace if configured; if no overridden permissions exist, skip to step 7 of this procedure.
- Check if the required privileges are a subset of the permissions assigned to the Principal, against the target workspace. If yes, consider the supplied Principal as authorized and return. If no, consider the supplied Principal as not authorized and return.
- Identify the containing network from the workspace from the access context.
- Check if the network is explicitly associated to the Principal. If no, skip to step 14 of this procedure.
- Obtain overridden permissions for the Principal on the network if configured; if no overridden permissions exist, skip to step 12 of this procedure.
- Check if the required privileges are a subset of the permissions assigned to the Principal, against the target workspace. If yes, consider the supplied Principal as authorized and return. If no, go on to next step.
- Obtain default permissions for the Principal on the target workspace if any.
- Check if the required privileges are a subset of the permissions assigned to the Principal, against the target workspace. If yes, consider the supplied Principal as authorized and return. If no, continue on to next step.
- Obtain default permissions for the Principal on the network identified earlier.
- Check if the required privileges are a subset of the permissions assigned to the Principal, against the target workspace. If yes, consider the supplied Principal as authorized and return. If no, go on to next step.
- Perform the system level checks. Checking the NCM system