User context and authorization play an important role in building custom applications when using the SLB digital platform.
A context is a set of metadata associated with the user, based on pre-defined business rules, ensuring alignment with organizational policies and workflows. It primarily consists of:
This provides information about the user’s organization, the contractual agreement under which consumption of products and services is metered, and the organization hierarchy. It comprises three key entities:
- The account is the highest organization entity in the SLB digital platform. Typically, there will only be one account per company. All users, departments, contracts, data sources, and user groups are associated with the account.
- The contract defines the key commercial and pricing terms applicable to the online services for that account, such as monthly cap, contract term, pricelist, and commitments.
- A department is a mechanism for managing users and their consumption of SLB offerings within an account and contract. An Account Admin can create departments in Digital Home and add users to that department.
The data context refers to the active data partition a user is working on.
- A data partition is an enterprise-wide container, used for data aggregation, separation, and sharing purposes. It is a ‘virtual’ data boundary, which enables users to access specific data based on their department or group assignments. Users can work in data partitions across multiple accounts.
Authorization in the SLB digital platform is context aware and ensures that users and applications can only access resources within the context they are operating in. This approach enhances security and reduces complexity for developers.
Two authorization aspects are supported today:
- An application should verify that the user has a subscription to the application in the user’s selected context. This validation should be at the contract level (using the “contractId” parameter) to ensure that the right contractual terms are honored for access and metering.
- An application should verify that the user has access to the data partition selected under data context. This validation should be based on the “slbPartitionId” of the data partition.
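The two checks above can be combined into one deny-by-default decision. The following is an added example, not SLB platform code: the entitlement tables, the `UserContext` class, the `authorize` function and all identifiers are hypothetical and constructed for illustration; only the `contractId` and `slbPartitionId` concepts come from the text.

```python
from dataclasses import dataclass

APP_ID = "example-app"  # hypothetical application identifier


@dataclass(frozen=True)
class UserContext:
    user_id: str
    contract_id: str        # the "contractId" of the selected context
    slb_partition_id: str   # the "slbPartitionId" of the selected data partition


# Constructed sample entitlements. A real application would obtain these
# from the platform; the lookup shape here is an assumption.
SUBSCRIPTIONS = {           # (user, contractId) -> subscribed application ids
    ("alice", "contract-A"): {"example-app"},
    ("alice", "contract-B"): set(),
    ("bob", "contract-A"): {"example-app"},
}
PARTITION_ACCESS = {        # user -> slbPartitionId values the user may use
    "alice": {"partition-1", "partition-2"},
    "bob": {"partition-1"},
}


def authorize(ctx: UserContext, app_id: str = APP_ID) -> tuple[bool, str]:
    """Return (allowed, reason). Both checks must pass; anything else is denied."""
    # Fail closed on an incomplete context instead of falling back to defaults.
    if not (ctx.user_id and ctx.contract_id and ctx.slb_partition_id):
        return False, "incomplete context"

    # Check 1: subscription under the *selected* contract. A subscription held
    # under a different contract of the same account does not count, so access
    # and metering follow the right contractual terms.
    apps = SUBSCRIPTIONS.get((ctx.user_id, ctx.contract_id), set())
    if app_id not in apps:
        return False, "no subscription under selected contract"

    # Check 2: access to the data partition selected under the data context.
    if ctx.slb_partition_id not in PARTITION_ACCESS.get(ctx.user_id, set()):
        return False, "no access to selected data partition"

    return True, "ok"
```

Keying the subscription lookup on the user and contract pair, rather than on the user alone, is what makes a switch to a contract without a subscription result in a denial.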