Altinn Platform - Authorization
Description of authorization component
This page is a work-in-progress. Currently we haven’t defined all the resources and operations for the authorization component.
The Authorization component exposes a REST-API to Altinn Apps.
Authorization is used by the applications to authorize an action requested by the logged in user on a given resource and to retreive policy information. Use the authorization api to manage authorizations in altinn platform.
Resources: Actor, Roles
A party is a person whom you can represent and perform a request on his behalf. A logged in user can retrieve a list of parties that he/she can represent.
Get a list of parties that the user can represent. The userid is sent as parameter
Validate that a given user is allowed to represent a given party. The partyid and userid are sent as parameters
A role in altinn offers or denies right to the logged in user to perform an action or group of actions for him or on behalf of someone.
Get a list of roles that the user can perform for the selected party
A set of polices contains authorization rules.
Stores / updates rules for a given app, defined in the query string. The rules are sent in the body of the request. Reade more about the policy format here.