FlexiCore provides state of the art data security using its access control system. Permissions and access control objects such as Users, Roles, Tenants, and Permission-Groups are stored in the database and not as part of the code. API endpoints and other controlled methods are stored in the database too when the server starts.
By using a set of default behaviors at all access control objects levels, the amount of required data to describe final users’ access rights is dramatically reduced.
For efficiency and security, access control is considered at the database level, requiring no additional code to filter the permitted data. This behavior is automatically applied to all plugins’ created data too.
authorized tenant administrators can create new tenants visible only to authorized users. Unlike some of the other multi-tenancy systems, FlexiCore multi-tenancy can be defined to allow aggregation across tenants, for example across subsidiaries of the same company, or disallow it, virtually creating a ‘firewall’ among tenants.