Functionality in APEX is controlled through a series of Role and Permission definitions. Role definitions are found in the ROLES table, which contains 2 fields, the ROLE_ID and the ROLE_NAME.
APEX does not have a UI for role creation because any new role record would be created with a database script along with its corresponding permissions during a standard APEX update deployment.
The following roles are currently defined in the CeRTNA ERDS/G2G system:
| ROLE_ID | ROLE_NAME | DESCRIPTION |
|---|---|---|
| 1 | Submitter User | A role that is able to submit transactions for electronic recording. |
| 2 | County User | A role for county-side non-administrative functions. |
| 4 | System Administrator | A role with full access to the ERDS/G2G system. |
| 8 | Security Administrator | Defined but not used in the ERDS/G2G system. |
| 16 | Submitter/User Administrator | Defined but not used in the ERDS/G2G system. |
| 32 | County Administrator | A role county-side user and admin functions. |
| 64 | System Alert Recipient | Defined but not used in the ERDS/G2G system. |
| 128 | Submitter Developer | A role the emulates a submitter user but also has access to developer tools. |
| 256 | County Developer | A role that emulates a county administrator user but also has access to developer tools. |
| 512 | County Public Service User | A role for accessing county oriented web services. |
| 1024 | Agent Public Service User | A role for accessing submitter oriented web services. |
| 2048 | Payload Service User | A role setup for server-side server-side sending/retrieving/returning of transactions. |
| 4096 | Service Submitter User | A role to facilitate submitter remote folders support. |
| 8192 | Service County User | A role to facilitate county user remote folders support. |
| 16384 | Service County Administrator | A role to facilitate county administrator remote folders support. |
APEX application and user functionality is controlled based on the permissions that are assigned to a particular role. Every user record has a role assignment.
The APEX permission architecture is broken down into 5 basic categories as follows:
| Category | Description |
|---|---|
| Modules | The APEX source code is structured in manner that segregates groups of functionality into various modules, for example an Administration Module or a Common Module or a Reports Module. Within these categories source code can be sub-categorized further, for example in the Administration Module there is Agent Management, County Management, Role Management, Submitter Management, etc. In addition to permission management, structuring the code in this manner helps with resource management, for example, there is no need for the County Management module to be loaded if you are performing an Agent Management function. |
| Public Service | This category is used to define which public web services a role is authorized to use. |
| Reports | This category is used to define which reports a role is authorized to use. |
| Service Command | As a Windows Communication Foundation (WCF) based application, the APEX client communicates with server-side services that fulfill the functional delivery of client-side requests. The permission to call these services are defined based on a users role. This also serves as a security mechanism, ensuring that functions cannot be called by processes that do not have a role assigned. |
| View Permission | The APEX UI is built upon a series of visual components. For example, ribbons, buttons, tabs, grids, etc. Different functional roles will have different will use different sets of controls, for example the view that a Submitter or County sees, will be different than a System Administrator would see or the controls that a Developer would see would be different from the controls that a non-developer would see. These viewable objects are controlled through the View Permission and they are segregated based on role. |
The Following table contains a list of permissions and the roles that make use of them:
| PERMISSION_NAME | DESCRIPTION |
|---|---|
| ModulePermission_APEX.Administration.Module | Permission for Administration Module to load |
| ModulePermission_APEX.Administration.Module.AgentAssignmentAdministrationModule | Assign Submitters to Agent in administration |
| ModulePermission_APEX.Administration.Module.AgentsManagementModule | Agent Management in administration |
| ModulePermission_APEX.Administration.Module.AnnouncementsManagementModule | Announcements Management in administartion |
| ModulePermission_APEX.Administration.Module.AuthorizedSubmittersManagementModule | Authorized Submitters Management in administration |
| ModulePermission_APEX.Administration.Module.CertificateGeneratorAdministrationModule | Certificate generator in administartion |
| ModulePermission_APEX.Administration.Module.CommandManagerModule | Command Management in administration |
| ModulePermission_APEX.Administration.Module.ContactsManagementModule | Contact Management in administration |
| ModulePermission_APEX.Administration.Module.CountiesManagementModule | County Management in administration |
| ModulePermission_APEX.Administration.Module.CountyDocumentTypesManagementModule | County Document Types Management in administration |
| ModulePermission_APEX.Administration.Module.CountyHolidayManagementModule | County Holiday Management in adminstration |
| ModulePermission_APEX.Administration.Module.OrganizationsManagementModule | Organizations Management in administration |
| ModulePermission_APEX.Administration.Module.SubmittersManagementModule | Submitters Management in administration |
| ModulePermission_APEX.Administration.Module.SystemSettingsManagementModule | Submitters Settings in administration |
| ModulePermission_APEX.Administration.PayloadInspector.Module | Payload Inspector in administration |
| ModulePermission_APEX.Administration.Roles.Module | Roles Management in administration |
| ModulePermission_APEX.Administration.Users.Module.UsersManagementModule | Users Management in adminstration |
| ModulePermission_APEX.Administration.WorkstationsAdministrationModule | Workstaion Management in administration |
| ModulePermission_APEX.Common.Module | Permission for Common Module to load |
| ModulePermission_APEX.Dashboard.Module | Permission of Dashboard module in APEX |
| ModulePermission_APEX.DevTools.Module | Displays Tools of development |
| ModulePermission_APEX.HealthMonitor.Module | Displays Health Monitor of APEX |
| ModulePermission_APEX.Payloads.Editor.Module | Payloads Editor for direct entry |
| ModulePermission_APEX.Payloads.Module | Displays Payloads Panel |
| ModulePermission_APEX.Payloads.Retriever.Module | Permission for Payloads Retriver |
| ModulePermission_APEX.Payloads.Sender.Module | Permission for Payloads Sender |
| ModulePermission_APEX.PayloadService.Module | Displays Dashboard and evertything related to Payload Service |
| ModulePermission_APEX.RemoteCommands.Module | Remote Commands on administration |
| ModulePermission_APEX.Reports.Module | Displays Reports |
| ModulePermission_APEX.Repositories.Module | Displays repositories and gives access to them |
| ModulePermission_APEX.SimplifiedLogs.Module | Permission of Log Panel |
| ModulePermission_APEX.UserConfiguration.Module | Permission for User Configuration Module to load. |
| PublicServiceCommand_AddFile | Permission for adding files into the archive repository the root folder of which is set in the web.config with key PayloadArchiveFolder (default values is C:\Archive) . |
| PublicServiceCommand_CalculatePayloadChecksum | Payload CheckSum for Public Service |
| PublicServiceCommand_ExternalChecksumManagement | Permission for store and validate chekcum calls. (StoreChecksum, ValidateChecksum) |
| PublicServiceCommand_GetFileChecksum | Returns File Checksum for archived files in Public Service. |
| PublicServiceCommand_GetSessionUser | Returns the user in session for Public Service |
| PublicServiceCommand_GetSubmittedPayloadQuanitities | for public service returs number of submitted payloads for Public Service |
| PublicServiceCommand_ReplaceFile | Permission for replacing files into the archive repository the root folder of which is set in the web.config with key PayloadArchiveFolder (default values is C:\Archive) . |
| PublicServiceCommand_ValidateFileChecksum | Validatie checksum for archived file in public service. |
| PublicServiceCommand_ValidatePayloadDocumentChecksum | Validatie Payload Document checksum for public service for Public Service |
| Reports%/ERDS/Activity Reports/ActivityDetailReport%Activity Reports%Activity Detail Report%USER_ID | Activity Detail Report |
| Reports%/ERDS/Activity Reports/ActivityDetailReport%Activity Reports%Activity Detail Report%USER_ID,COUNTY_NAME | Activity Detail Report |
| Reports%/ERDS/Activity Reports/ActivityDetailReport%Activity Reports%Activity Detail Report%USER_ID,SUBMITTER_ID | Activity Detail Report |
| Reports%/ERDS/Activity Reports/ActivitySummaryReport%Activity Reports%Activity Summary Report%USER_ID,GROUPING_ID=1 | Activity Summary Report |
| Reports%/ERDS/Activity Reports/ActivitySummaryReport%Activity Reports%Activity Summary Report%USER_ID,GROUPING_ID=1 | Activity Summary Report |
| Reports%/ERDS/Activity Reports/ActivitySummaryReport%Activity Reports%Activity Summary Report%USER_ID,GROUPING_ID=2 | Activity Summary Report |
| Reports%/ERDS/Activity Reports/AgentRecordationReport%Activity Reports%Agent Recordation Report%USER_ID | Agent Recordation Report |
| Reports%/ERDS/Activity Reports/AuthorizedSubmitterReport%Activity Reports%Authorized Submitter Report%USER_ID | Authorized Submitter Report |
| Reports%/ERDS/Activity Reports/AuthorizedSubmittersReport%Activity Reports%Authorized Submitters Report%USER_ID | Authorized Submitter Report |
| Reports%/ERDS/Activity Reports/RecordationReport - Agent%Activity Reports%Recordation Report - Agent%USER_ID | Recordation Report Agent |
| Reports%/ERDS/Activity Reports/RecordationReport - County%Activity Reports%Recordation Report%USER_ID | Recordation Report County |
| Reports%/ERDS/Activity Reports/RecordationReport - Submitter%Activity Reports%Recordation Report - Submitter%USER_ID | Recordation Report Submitter |
| Reports%/ERDS/Activity Reports/RejectDetailReport%Activity Reports%Reject Detail Report%USER_ID,DETAIL_ID=1 | Reject Detail Report |
| Reports%/ERDS/Activity Reports/RejectDetailReport%Activity Reports%Reject Detail Report%USER_ID,DETAIL_ID=1,COUNTY_NAME | Reject Detail Report |
| Reports%/ERDS/Activity Reports/RejectDetailReport%Activity Reports%Reject Detail Report%USER_ID,DETAIL_ID=1,SUBMITTER_ID | Reject Detail Report |
| Reports%/ERDS/Activity Reports/TransactionAuditReport%Activity Reports%Transaction Audit Report%USER_ID,PRIMARY_REFERENCE= | Reject Detail Report |
| Reports%/ERDS/Activity Reports/TransactionAuditReport%Activity Reports%Transaction Audit Report%USER_ID,TRANSACTION_ID | Transaction Audit Report |
| Reports%/ERDS/Activity Reports/TransactionHistoryReport%Activity Reports%Transaction History Report%USER_ID | Transaction History Report |
| Reports%/ERDS/Activity Reports/TransactionHistoryReport%Activity Reports%Transaction History Report%USER_ID,AGENT_ID | Transaction History Report |
| Reports%/ERDS/Activity Reports/TransactionHistoryReport%Activity Reports%Transaction History Report%USER_ID,COUNTY_ID | Transaction History Report |
| Reports%/ERDS/Activity Reports/TransactionHistoryReport%Activity Reports%Transaction History Report%USER_ID,SORTING_ID,SUBMITTER_ID,AGENT_ID=0 | Transaction History Report |
| Reports%/ERDS/Administrative Reports/Incident%Administrative Reports%Incident Report | Administrative Report/Incident Report |
| Reports%/ERDS/Administrative Reports/Status%Administrative Reports%Status Detail Report%USER_ID | Administrative Report/Status Detail Report |
| Reports%/ERDS/Administrative Reports/Status%Administrative Reports%Status Detail Report%USER_ID,AGENT_NAME | Administrative Report/Status Detail Report |
| Reports%/ERDS/Administrative Reports/Status%Administrative Reports%Status Detail Report%USER_ID,AGENT_NAME=(Direct) | Administrative Report/Status Detail Report |
| Reports%/ERDS/Administrative Reports/Status%Administrative Reports%Status Detail Report%USER_ID,COUNTY_NAME | Administrative Report/Status Detail Report |
| Reports%/ERDS/Administrative Reports/StatusSummary%Administrative Reports%Status Summary Report%USER_ID | Administrative Report/Status Summary Report |
| Reports%/ERDS/Administrative Reports/StatusSummary%Administrative Reports%Status Summary Report%USER_ID,GROUPING_ID=County | Administrative Report/Status Summary Report |
| Reports%/ERDS/Administrative Reports/SubmitterList%Administrative Reports%Submitter List Report | Administrative Report/Submitter List Report |
| Reports%/ERDS/Administrative Reports/UserList%Administrative Reports%User List%USER_ID | Administrative Report/User List |
| ServiceCommand_AdministartionCertificateManagement | All Certificate Management calls from APEX Administration session. |
| ServiceCommand_CertificateManagement | All Certificate Management calls from APEX Agent and County sessions |
| ServiceCommand_ExchangeCertificatePublicKeys | Load client certificate public key and exchange server and client certificate public keys |
| ServiceCommand_GetAgentPayloadShortInfos | not found in source code |
| ServiceCommand_GetPayloads | not found in source code |
| ServiceCommand_GetPayloadShortDescriptions | Displays Payloads Info of selected repository |
| ServiceCommand_GetPayloadShortDescriptions_PayloadService | Displays Payloads Info of selected repository for payload service |
| ServiceCommand_GetRepositoryPayloadQuanitities | Returns Payloads number of each repository |
| ServiceCommand_GetTransactionChunkCount | gives the permission to have the number of chunks for each transaction |
| ServiceCommand_GetTransactionChunkCount_PayloadService | gives the permission to have the number of chunks for each transaction in payload service |
| ServiceCommand_GetUserConfigurationInfo | Returns User Configurations |
| ServiceCommand_GetUserInfo | Returns the information of the loged in user |
| ServiceCommand_PayloadFromLog | payload information from the transaction log table for payload inspector |
| ServiceCommand_ReceivePayload | gives the permission to be able to retrieve the submitted payload |
| ServiceCommand_ReceivePayload_PayloadService | gives the permission to be able to retrieve the submitted payload in Payload service |
| ServiceCommand_RemoteCommandManagement | Remote Commands Management on administration |
| ServiceCommand_SendPayload | gives the permission to be able to send the payload |
| ServiceCommand_SendPayload_PayloadService | gives the permission to be able to send the payloads in Payload service |
| ServiceCommand_SetUserConfigurationInfo | Gives the permission to save and update the user configuration values. |
| ViewPermission_APEX.Administration.Roles.Module.RolePermissionsAdministrationView | Roles Management to get the permissions of each role in administration |
| ViewPermission_APEX.Administration.Roles.Module.RolesAdministrationView | Roles Management in administration |
| ViewPermission_APEX.Common.Module.EditableObjectsRibbonControl | not found in source code |
| ViewPermission_APEX.Dashboard.Module.DashboardRibbonControl | Control of Dashboard on Ribbon |
| ViewPermission_APEX.Dashboard.Module.DashboardView | Displays Dashboard Panel in APEX |
| ViewPermission_APEX.DevTools.Module.AgentDevToolsRibbonControl | Controls of the Ribbon of development tools of Agent |
| ViewPermission_APEX.DevTools.Module.CountyDevToolsRibbonControl | Controls of the Ribbon of development tools of County user |
| ViewPermission_APEX.DevTools.Module.SharedDevToolsRibbonControl | Controls of the Ribbon of development tools common for different users |
| ViewPermission_APEX.DevTools.Module.StressTestingRibbonControl | Displays the stress testing control on the ribbon |
| ViewPermission_APEX.Payloads.Module.AgentPayloadsRibbonControl | controls on the ribbon for Agent user |
| ViewPermission_APEX.Payloads.Module.AgentPayloadsView | The grid containing Payloads information for Agent user |
| ViewPermission_APEX.Payloads.Module.CountyPayloadsView | The grid containing Payloads information for County user |
| ViewPermission_APEX.Payloads.Module.LocalAgentPayloadViews | The grid containing Payloads information of Local repositories for Agent user |
| ViewPermission_APEX.Payloads.Module.LocalCountyPayloadViews | The grid containing Payloads information of Local repositories for County user |
| ViewPermission_APEX.Payloads.Module.LocalSharedPayloadViews | The grid containing Payloads information of Local repositories common for different users |
| ViewPermission_APEX.Payloads.Module.PayloadsRibbonControl | not found in source code |
| ViewPermission_APEX.Payloads.Module.PayloadsView | not found in source code |
| ViewPermission_APEX.Payloads.Module.RemoteAgentPayloadViews | Permission for pyloads of remote repositories for Agent User |
| ViewPermission_APEX.Payloads.Module.RemoteCountyPayloadViews | Permission for pyloads of remote repositories for County User |
| ViewPermission_APEX.Payloads.Module.RemotePayloadsRibbonControl | Permission to display the controls on ribbon which are related to Remote payloads. |
| ViewPermission_APEX.Payloads.Module.RemoteSharedPayloadViews | Permission for pyloads of remote repositories coomon for different Users |
| ViewPermission_APEX.Payloads.Retriever.Module.PayloadsRetrieverStatusBarControl | Permission to display information related to retrive payloads on status bar |
| ViewPermission_APEX.Payloads.Retriever.Module.PayloadsRibbonControl | Permission to display retrive payload button on the ribbon |
| ViewPermission_APEX.Payloads.Sender.Module.PayloadsRibbonControl | Permission to display send payload button on the ribbon |
| ViewPermission_APEX.Payloads.Sender.Module.PayloadsSenderStatusBarControl | Permission to display information related to send payloads on status bar |
| ViewPermission_APEX.Repositories.Module.LocalRepositoriesView | Permission to display Remote repositories |
| ViewPermission_APEX.Repositories.Module.RemoteRepositoriesView | Permission to display Local repositories |
| ViewPermission_APEX.SimplifiedLogs.Module.SimplifiedLogsView | Permission to display Log Panel |
| ViewPermission_APEX.UserConfiguration.Module.UserConfigurationView | Permission to display User Configuration Page |