-
Notifications
You must be signed in to change notification settings - Fork 34
Data Entitlement and Access Control
The IBM Food Trust™ solution provides access control capability for all XML data uploaded to the network by member organizations. This enables the data submitter to set the access control data entitlement mode for each XML message at the time of submission, as follows:
Private
The data is only visible to the submitting organization, unless it is shared via explicit grant. (e.g. event data pertaining to an organization’s internal processes, location master data for private locations or pieces of equipment.)
Restricted
The data is shared only with the organizations that are explicitly referenced in the XML document. These are typically business transaction partners that are identified in Purchase Order, Despatch Advice (aka ASN) and Receiving Advice transactions.
Linked
The data is enabled for sharing with all organizations up and down the supply chain for a specific trade item only, such as an SGTIN. These are typically supply chain events, which are shared through a process of cross-referencing data such as facility IDs and event IDs.
Entitlement mode is specified with an IFT-Entitlement-Mode header in the data submission request. If the entitlement mode is not specified, a default entitlement mode is applied, based on the type of XML document:
Table 1. Default Data Entitlement Modes by Data Type
| Default Entitlement Mode | Data Types |
|---|---|
| Restricted | Purchase Order transactions Despatch Advice transactions Receive Advice transactions |
| Linked | EPCIS Events Object Master Data Location Master Data |
| Private | Data Payload* Documents** |
* A document submitted as a Data Payload is expected to have explicit overrides for non-private use.
** Documents, including PDFs and other file and format types, uploaded using the Documents application.
-
Restricted:
IFT-Entitlement-Mode: restricted -
Linked:
IFT-Entitlement-Mode: linked -
Private:
IFT-Entitlement-Mode: private
If no IFT-Entitlement-Mode header is provided on data submission, the default mode will be applied based on the XML document type, as described previously in Table 1.
Specifying an invalid entitlement value will return the following error message:
{
"message": "bad_entitlement_mode_value is not a valid IFT-Entitlement-Mode header value!"
}Existing data in the IBM Food Trust solution will be migrated to the new access control scheme, using the default entitlement modes for each XML document type, as described previously in Table 1.
WELCOME!
Modules
Membership
Languages
Browsers
ONBOARDING
Onboarding Steps
Data Requirements
Data Types
Supplier Data
Payload Data
Insights Data
HOW-TO
Join by Invitation
Log in as New User
Authenticate Human Users
Authenticate System Users
Java Sample
Typescript Sample
IIB Sample
Assign User Roles
Upload Data
Automate Data Upload
Convert Spreadsheets
Convert Data
Whitelist Custom URLs
APIs-Swagger
Connector API
Documents API
Converter API
Trace API
Insights API
APIs-Usage
APIs
Insights API
Insights API Usage
Trace API
Connector API Errors
API Error Codes
REFERENCE
GS1
GS1 Identifier Reuse
Authentication
Identifiers
Message Codes
Cryptographic
Signatures
Signature Header
Access Control
Firewall Settings
XML to JSON
EPCIS Aggregation Add
EPCIS Aggregation Delete
EPCIS Object Add
EPCIS Object Delete
EPCIS Object Observed
EPCIS Transformation
Purchase Order
Despatch Advice
Receiving Advice
Master Data Item
Master Data Facility
Standard Business
Document Header