Atoti Security Overview
Atoti is designed to integrate within an existing information system, that is particularly important for security because Atoti may delegate authentication and authorization to existing facilities, for instance an LDAP directory, an ActiveDirectory server, or a custom in-house application.
That's why the security stack of Atoti is implemented with separation of concerns in mind, the three security layers being independent, pluggable and decoupled from the core software.
We distinguish several layers in the security stack:
- Authentication: validating a user and its password
- Authorization and Entitlements: entitling an authenticated user with its username, roles, etc.
- The entitlements are then used, within the application, to determine which data can be queried and what actions are allowed: see Database Access Control, Cube Access Control and Branch Permission Manager.