You are reading the documentation for an outdated Corteza release. 2024.9 is the latest stable Corteza release.

Security

As with any system, automation scripts can cause unwanted complications if misused or left open for modification by users who might do harm, willingly or otherwise.

You (or whoever is responsible for the system) is responsible for making sure that the automation scripts are audited and written in a way that they are not harmful to the system or the data.

Automation script execution

Automation script execution is not jailed or virtualized and it is ran in the same context as the automation system; either Corredor in the case of server scripts or any front-end application in case of client scripts.

It is recommended to make use of security context feature described in the following subsection, and limit the permissions each automation script can use.

Security context

Automation scripts are no exception to Corteza permission system; any operation performed by an automation script (such as record creation) must pass all permission checks required by the resource. When not defined otherwise, manual and implicit automation triggers use the current user’s permission scope for the automation scripts security context.

But there are cases where this is not sufficient, and the execution requires permissions that the invoker does not have. For such cases we can specify a custom security context that the automation script will run in.

An automation script requires system user creation, which requires a specific set of privileges that user, running the script might not have. Instead of giving our users elevated privileges, we can define the security context of the automation script.

The same also applies to deferred, interval and sink automation scripts, since they are executed by the system without any user interaction (at least we can’t be sure who exactly executed it). In this case, the security context is required.

Due to privacy and security concerns, security context definition is not available for client side scripts.

When using custom permission context, we strongly recommend using a system user with the minimal required set of permissions to execute the required operations.

Role-based access control

Role-based access control allows us to define what user can access what automation scripts based on their permissions.

This only applies to explicit and client side automation scripts; server side scripts (except explicit scripts) ignore this check.