Authorization
Authorization in QuoteLogic controls what users can access and modify. While authentication determines who a user is, authorization determines what they are allowed to do.
How Authorization Works
Access is enforced at the application and backend levels.
- The UI may hide or show features based on access
- All critical actions are validated on the server
Because every critical action is validated on the server, access controls cannot be bypassed by changing what the client shows or sends.
Access Model
Users are associated with an account and, in enterprise environments, an organization.
Access may vary based on:
- User role
- Organization membership
- Feature availability
Roles
QuoteLogic currently supports basic role separation.
Examples include:
- Admin: Full access to configuration and data
- User: Access to create and manage quotes
Roles determine what actions a user can perform within the application.
Enforcement
Authorization is enforced on the server.
- Client-side checks improve user experience
- Server-side validation ensures security and data integrity
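A minimal sketch of the server-side enforcement described above, added as an illustration and not QuoteLogic's own code: the action names, `Session`, `Resource`, `authorize` and `handle_request` are hypothetical. Role and organization come from the server-side session, and any role the client places in the request body is ignored.

```python
from dataclasses import dataclass

# Hypothetical action-to-role map built from the two roles the page names.
PERMISSIONS = {
    "quote.create": {"admin", "user"},
    "quote.update": {"admin", "user"},
    "config.update": {"admin"},
}

@dataclass(frozen=True)
class Session:
    """Identity resolved on the server from the authenticated session."""
    user_id: str
    role: str
    org_id: str

@dataclass(frozen=True)
class Resource:
    resource_id: str
    org_id: str

class Forbidden(Exception):
    pass

def authorize(session, action, resource):
    """Raise Forbidden unless role and organization both permit the action."""
    allowed_roles = PERMISSIONS.get(action)
    if allowed_roles is None:
        raise Forbidden("unknown action")        # default deny
    if session.role not in allowed_roles:
        raise Forbidden("role not permitted")
    if resource.org_id != session.org_id:
        raise Forbidden("resource belongs to another organization")

def handle_request(session, body, resources):
    """body is client-controlled; only 'action' and 'resource_id' are read.
    A 'role' or 'org_id' field in body is never consulted."""
    resource = resources.get(body.get("resource_id"))
    if resource is None:
        return 404
    try:
        authorize(session, body.get("action"), resource)
    except Forbidden:
        return 403
    return 200

# Constructed sample data for the example.
RESOURCES = {"q-1": Resource("q-1", "org-a"), "q-2": Resource("q-2", "org-b")}
ALICE = Session("alice", "user", "org-a")
ROOT = Session("root", "admin", "org-a")
```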
Future Enhancements
Authorization will continue to evolve to support:
- Granular role-based access control (RBAC)
- Organization-level permissions
- Feature-level access controls
Why This Matters
Authorization ensures that:
- Sensitive data is protected
- Users only access what they are allowed to see
- Enterprise environments maintain control over data and workflows