Important

We are updating the images for OroCommerce version 6.1 to align with the latest changes in the back-office design. During this transition, some images may still show older versions. Thank you for your patience as we work to update all visuals to reflect these changes.

Security

OroSecurityBundle extends Symfony security capabilities to enable a role-based ACL security system in the Oro applications.

The bundle enables developers to set up access restrictions for entities and non-entity-related actions using the DOC-block annotations and the YAML configuration files. It also provides UI for application administrators to configure the entity-specific permissions for particular user roles based on entity ownership.

Read more in the following topics below:

• Introduction to Security in Oro Applications

  • Access Control Lists

  • Permissions for Entities

  • Protecting Resources

  • Role Based Access Control

• Access Levels and Ownership Illustration

• OroSecurityBundle Features

  • ACL Manager

  • Field ACL

  • Custom Listeners

  • Access Rules

  • HTTP Security Response Headers

• Custom and Configurable Permissions

  • How to Configure and Apply Custom Permissions to an Entity

  • How to Work with Configurable Permissions

• Global View Entities

• Security Response Headers