A newer version of the Ed-Fi ODS / API is available. See the Ed-Fi Technology Version Index for a link to the latest version.
How To: Configure Claim Sets
- Ian Christopher (Deactivated)
The API claim sets for the Ed-Fi ODS / API are stored in a database, but are not managed through a UI, at least in the as-shipped configuration. As a consequence, managing claim sets is a task for developers. The SQL queries on this page enable a database administrator to view information about security configurations. Execute the queries from the EdFi_Security database.
Add a Resource and Action to a Claim Set
You should replace the values for @actionName
, @claimSetName
, and @resourceName
with values you desire. In addition, if adding Upsert, Manage, or Maintain actions, then the core actions (such as Create) that comprise that composite action should also be added.
USE EdFi_Security GO DECLARE @actionName nvarchar(255) DECLARE @claimSetName nvarchar(255) DECLARE @resourceName nvarchar(255) SET @actionName = 'create' SET @claimSetName = 'SIS Vendor' SET @resourceName = 'academicSubjectDescriptor' DECLARE @actionId int DECLARE @claimSetId int DECLARE @resourceClaimId int SELECT @actionId = ActionId FROM Actions WHERE ActionName = @actionName SELECT @claimSetId = ClaimSetId FROM ClaimSets WHERE ClaimSetName = @claimSetName SELECT @resourceClaimId = ResourceClaimId FROM ResourceClaims WHERE ResourceName = @resourceName INSERT INTO ClaimSetResourceClaims (Action_ActionId, ClaimSet_ClaimSetId, ResourceClaim_ResourceClaimId) VALUES (@actionId, @claimSetId, @resourceClaimId)
Add a Resource and Action to an Authentication Strategy
You should replace the values for @actionName
, @authorizationStrategyName
, and @resourceName
with values you desire. In addition, if adding Upsert, Manage, or Maintain actions, then the core actions (such as Create) that comprise that composite action should also be added.
USE EdFi_Security GO DECLARE @actionName nvarchar(255) DECLARE @authorizationStrategyName nvarchar(255) DECLARE @resourceName nvarchar(255) SET @actionName = 'create' SET @authorizationStrategyName = 'ManagedResource' SET @resourceName = 'academicSubjectDescriptor' DECLARE @actionId int DECLARE @authorizationStrategyId int DECLARE @resourceClaimId int SELECT @actionId = ActionId FROM Actions WHERE ActionName = @actionName SELECT @authorizationStrategyId = AuthorizationStrategyId FROM AuthorizationStrategies WHERE AuthorizationStrategyName = @authorizationStrategyName SELECT @resourceClaimId = ResourceClaimId FROM ResourceClaims WHERE ResourceName = @resourceName INSERT INTO ResourceClaimAuthorizationMetadatas (Action_ActionId, AuthorizationStrategy_AuthorizationStrategyId, ResourceClaim_ResourceClaimId) VALUES (@actionId, @authorizationStrategyId, @resourceClaimId)