
Glossary

Devii Portal: Graphical and interactive elements through which users interact with Devii.

Root role: Special global admin privileges that bypass all Policy within that tenant.

Tenant: One set of Roles, Role Classes, Policy Rules, and other configurations that share common access for working with one database instance.

PBAC: Policy-Based Access Control, a system that determines which objects (tables, records, views, roles) are accessible to a principal role, based on a lookup of the rule scope and on filtering by the filter expression.

Role: User or group of users in Devii.

Role Class: An attribute that can be attached to a Role or set of Roles, used to group Roles together for policy.

Policy Rule(s): A statement granting access to DB objects, identifying the principal actors, operations, targets, and a filter condition for which access is granted. A Rule is a statement saying that a subject can perform an operation on an object if a given condition is true. The subject can be one or multiple Roles, one or multiple Role Classes, or Global (all).

Capabilities: Represents the ability to perform an operation or set of operations.

Target: Tables contained in the database.

Filter Expression: An expression in the Devii expression language, evaluated as part of the Policy Rule for the access or operation to complete. E.g., if the Operation is Select, the filter will limit what can be retrieved. The filter limits which rows can be acted upon. For Insert / Update, the Actor cannot Create or Modify a record such that it would fail the test.

Database: An electronically stored, organized, systematic collection of data. It can contain any type of data, including words, numbers, images, videos, and files that can be searched, sorted, and updated.