A newer version of the Ed-Fi ODS / API is available. See the Ed-Fi Technology Version Index for a link to the latest version.

How To: Configure Claim Sets

The API claim sets for the Ed-Fi ODS / API are stored in a database, but are not managed through a UI, at least in the as-shipped configuration. As a consequence, managing claim sets is a task for developers. The SQL queries on this page enable a database administrator to view information about security configurations. Execute the queries from the EdFi_Security database.

Add a Resource and Action to a Claim Set

Replace the values for @actionName, @claimSetName, and @resourceName with the values you need. In addition, when adding the Upsert, Manage, or Maintain actions, also add the core actions (such as Create) that make up that composite action.

USE EdFi_Security
GO

-- Names to look up; replace these values before running.
DECLARE @actionName nvarchar(255)
DECLARE @claimSetName nvarchar(255)
DECLARE @resourceName nvarchar(255)

SET @actionName = 'create'
SET @claimSetName = 'SIS Vendor'
SET @resourceName = 'academicSubjectDescriptor'

DECLARE @actionId int
DECLARE @claimSetId int
DECLARE @resourceClaimId int

-- Resolve each name to its primary key.
SELECT @actionId = ActionId FROM Actions WHERE ActionName = @actionName
SELECT @claimSetId = ClaimSetId FROM ClaimSets WHERE ClaimSetName = @claimSetName
SELECT @resourceClaimId = ResourceClaimId FROM ResourceClaims WHERE ResourceName = @resourceName

-- Grant the action on the resource to the claim set.
INSERT INTO ClaimSetResourceClaims
	(Action_ActionId, ClaimSet_ClaimSetId, ResourceClaim_ResourceClaimId)
VALUES
	(@actionId, @claimSetId, @resourceClaimId)
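
In the script above, a misspelled name leaves the corresponding id NULL, and rerunning the script repeats the INSERT. The following is an added example, not part of the original page or the Ed-Fi project's own scripts: it stops when a lookup fails, skips a grant that already exists, and then lists what the claim set grants. It assumes only the tables and columns used in the script above.

```sql
USE EdFi_Security
GO

DECLARE @actionName nvarchar(255)
DECLARE @claimSetName nvarchar(255)
DECLARE @resourceName nvarchar(255)

SET @actionName = 'create'
SET @claimSetName = 'SIS Vendor'
SET @resourceName = 'academicSubjectDescriptor'

DECLARE @actionId int
DECLARE @claimSetId int
DECLARE @resourceClaimId int

SELECT @actionId = ActionId FROM Actions WHERE ActionName = @actionName
SELECT @claimSetId = ClaimSetId FROM ClaimSets WHERE ClaimSetName = @claimSetName
SELECT @resourceClaimId = ResourceClaimId FROM ResourceClaims WHERE ResourceName = @resourceName

-- A name that matches no row leaves its variable NULL; stop before writing anything.
IF @actionId IS NULL OR @claimSetId IS NULL OR @resourceClaimId IS NULL
BEGIN
	RAISERROR('Unknown action, claim set, or resource name; nothing inserted.', 16, 1)
	RETURN
END

-- Insert only if this exact grant is not already present.
INSERT INTO ClaimSetResourceClaims
	(Action_ActionId, ClaimSet_ClaimSetId, ResourceClaim_ResourceClaimId)
SELECT @actionId, @claimSetId, @resourceClaimId
WHERE NOT EXISTS (
	SELECT 1 FROM ClaimSetResourceClaims
	WHERE Action_ActionId = @actionId
	  AND ClaimSet_ClaimSetId = @claimSetId
	  AND ResourceClaim_ResourceClaimId = @resourceClaimId)

-- Review every resource/action pair the claim set now grants.
SELECT cs.ClaimSetName, rc.ResourceName, a.ActionName
FROM ClaimSetResourceClaims csrc
JOIN ClaimSets cs ON cs.ClaimSetId = csrc.ClaimSet_ClaimSetId
JOIN ResourceClaims rc ON rc.ResourceClaimId = csrc.ResourceClaim_ResourceClaimId
JOIN Actions a ON a.ActionId = csrc.Action_ActionId
WHERE cs.ClaimSetId = @claimSetId
ORDER BY rc.ResourceName, a.ActionName
```

The final SELECT also shows whether the core actions behind a composite action have been added for the resource.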

Add a Resource and Action to an Authorization Strategy

Replace the values for @actionName, @authorizationStrategyName, and @resourceName with the values you need. In addition, when adding the Upsert, Manage, or Maintain actions, also add the core actions (such as Create) that make up that composite action.

USE EdFi_Security
GO

-- Names to look up; replace these values before running.
DECLARE @actionName nvarchar(255)
DECLARE @authorizationStrategyName nvarchar(255)
DECLARE @resourceName nvarchar(255)

SET @actionName = 'create'
SET @authorizationStrategyName = 'ManagedResource'
SET @resourceName = 'academicSubjectDescriptor'

DECLARE @actionId int
DECLARE @authorizationStrategyId int
DECLARE @resourceClaimId int

-- Resolve each name to its primary key.
SELECT @actionId = ActionId FROM Actions WHERE ActionName = @actionName

SELECT @authorizationStrategyId = AuthorizationStrategyId
FROM AuthorizationStrategies
WHERE AuthorizationStrategyName = @authorizationStrategyName

SELECT @resourceClaimId = ResourceClaimId
FROM ResourceClaims
WHERE ResourceName = @resourceName

-- Associate the authorization strategy with the resource and action.
INSERT INTO ResourceClaimAuthorizationMetadatas
	(Action_ActionId, AuthorizationStrategy_AuthorizationStrategyId, ResourceClaim_ResourceClaimId)
VALUES
	(@actionId, @authorizationStrategyId, @resourceClaimId)