Security

OroSecurityBundle extends Symfony security capabilities to enable a role-based ACL security system in the Oro applications.

The bundle enables developers to set up access restrictions for entities and non-entity-related actions using the DOC-block annotations and the YAML configuration files. It also provides UI for application administrators to configure the entity-specific permissions for particular user roles based on entity ownership.

Read more in the following topics below:

• Introduction to Security in Oro Applications

  • Access Control Lists

  • Permissions for Entities

  • Protecting Resources

  • Role Based Access Control

• Access Levels and Ownership Illustration

• OroSecurityBundle Features

  • ACL Manager

  • Field ACL

  • Custom Listeners

  • Access Rules

  • HTTP Security Response Headers

• Custom and Configurable Permissions

  • How to Configure and Apply Custom Permissions to an Entity

  • How to Work with Configurable Permissions

• Global View Entities

• Security Response Headers