Manage Roles and Keys

Log into the role/key administration page.

You will be presented with a page for editing the roles and setting the encryption keys.

Child Roles

These are roles that represent a hierarchy. A parent role has access to encryption keys of all its direct and indirect children. For instance, in a real application there may be a manager role and an employee role. The manager should have access to employee encryption keys because she should be able to view data related to the employees. At the same time, the employee should not have access to data related to the manager.

Encryption Keys

Once an encryption key is set, it cannot be viewed. Also, encryption keys are never over-written or deleted. So, it is good practice to set encryption keys on a regular basis. All the keys that are related to a role and its child roles are accessible through a special JSON service in \php\serviceget\KeysJSON.php, and each key has a creation date. The creation date should be used to decide which key to use for encryption and decryption of data.

Deleting Roles

It is worth noting that roles cannot be deleted if they have related users. This check is recursive, so if a role has a child role with users, then the parent role cannot be deleted.