Authorization Services

Authorization is a security service that is usually performed after authentication to determine what access an authenticated user or system has. In other words, authorization determines whether a requested operation or function is permitted for a given authenticated user or system.

Simphony cloud components and POS devices such as workstations and KDS controllers use role-based access control (RBAC) that restricts system access by granting privileges and permissions to roles. These roles are assigned to users based on their operational needs. The RBAC authorization is not optional, cannot be bypassed, and is automatically performed without the need for configuration.

The principle of least privilege (POLP) security practice recommends using the minimum access required by users to perform their intended functions. Administrators must exercise POLP when creating roles and assigning roles to specific users to avoid granting more privileges than necessary.

Administrators create roles in the EMC. See the Oracle Simphony Configuration Guide for more information. Roles are assigned to users through People Management. See the Oracle Restaurants Reporting and Analytics Guide for more information.

Simphony cloud services use RBAC based on the system type (for example, POS or KDS). A KDS can’t request a function that is exclusively reserved for POS clients. Administrators cannot configure or assign system RBAC roles.

Simphony strictly enforces organization separation. Users and systems are only authorized to access information for organizations to which they are related. Administrators cannot configure this functionality.
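
The three layers described above (system-type RBAC, user role RBAC, and organization separation) can be read as one deny-by-default decision in which every check must pass. The Python below is an added illustration, not Oracle or Simphony code; every function, role and organization name in it is hypothetical. It also includes a least-privilege audit that lists privileges a user's roles grant beyond what the user needs.

```python
from dataclasses import dataclass

# Hypothetical names throughout: none of these are Simphony identifiers.
SYSTEM_FUNCTIONS = {   # fixed per system type, not administrator-configurable
    "POS": {"post_check", "void_item", "read_menu"},
    "KDS": {"read_orders", "bump_order"},
}
ROLE_PRIVILEGES = {    # roles created by administrators
    "server": {"post_check", "read_menu"},
    "manager": {"post_check", "read_menu", "void_item"},
}

@dataclass(frozen=True)
class Request:
    system_type: str           # type of the authenticated device
    user_roles: tuple          # roles assigned to the authenticated user
    principal_orgs: frozenset  # organizations the user/system is related to
    function: str              # requested operation
    target_org: str            # organization that owns the requested data

def granted_privileges(user_roles):
    """Union of the privileges of all assigned roles (unknown roles grant nothing)."""
    return set().union(*(ROLE_PRIVILEGES.get(r, set()) for r in user_roles))

def authorize(req):
    """Return (allowed, reason). Every layer must pass; the default is deny."""
    if req.function not in SYSTEM_FUNCTIONS.get(req.system_type, set()):
        return False, "system type not permitted to request function"
    if req.target_org not in req.principal_orgs:
        return False, "organization separation"
    if req.function not in granted_privileges(req.user_roles):
        return False, "no assigned role grants privilege"
    return True, "ok"

def excess_privileges(user_roles, needed):
    """Least-privilege audit: privileges granted by roles but not needed."""
    return granted_privileges(user_roles) - set(needed)

if __name__ == "__main__":
    # Constructed sample request: a KDS asking for a POS-only function.
    kds = Request("KDS", ("manager",), frozenset({"org-a"}), "void_item", "org-a")
    print(authorize(kds))
    print(excess_privileges(("manager",), {"post_check", "read_menu"}))
```
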