-
Notifications
You must be signed in to change notification settings - Fork 34
Data Entitlement and Access Control
The IBM Food Trust™ solution provides access control capability for all XML documents (data) uploaded to the network by member organizations. This enables the data submitter to set the access control data entitlement mode for each XML document at the time of submission, as follows:
Private
The data is only visible to the submitting organization, unless it is shared via explicit grants. (e.g. event data pertaining to an organization’s internal processes, location master data for private locations or pieces of equipment.)
Restricted
The data is only shared with the member organizations that are explicitly referenced in the XML document. (e.g. transactions such as purchase orders, despatch advices or receiving advices that explicitly reference other parties to the transaction.)
Linked
The document is only shared with other parties who are involved in a business transaction for the referenced product LGTIN. (e.g. event data related to transactions between specific parties.)
Entitlement mode is specified with an IFT-Entitlement-Mode header in the data submission request. If the entitlement mode is not specified, a default entitlement mode is applied, based on the type of XML document:
Table 1. Default Data Entitlement Modes by Data Type
| Default Entitlement Mode | Data Types |
|---|---|
| Restricted | Purchase Order transactions Despatch Advice transactions Receive Advice transactions |
| Linked | EPCIS Events Object Master Data Location Master Data |
| Private | Data Payload* Documents** |
* A document submitted as a Data Payload is expected to have explicit overrides for non-private use.
** Documents, including PDFs and other file and format types, uploaded using the Documents application.
-
Restricted:
IFT-Entitlement-Mode: restricted -
Linked:
IFT-Entitlement-Mode: linked -
Private:
IFT-Entitlement-Mode: private
If no IFT-Entitlement-Mode header is provided on data submission, the default mode will be applied based on the XML document type, as described previously in Table 1.
Specifying an invalid entitlement value will return the following error message:
{
"message": "bad_entitlement_mode_value is not a valid IFT-Entitlement-Mode header value!"
}Existing data in the IBM Food Trust solution will be migrated to the new access control scheme, using the default entitlement modes for each XML document type, as described previously in Table 1.
WELCOME!
Modules
Membership
Languages
Browsers
ONBOARDING
Onboarding Steps
Data Requirements
Data Types
Supplier Data
Payload Data
Insights Data
HOW-TO
Join by Invitation
Log in as New User
Authenticate Human Users
Authenticate System Users
Java Sample
Typescript Sample
IIB Sample
Assign User Roles
Upload Data
Automate Data Upload
Convert Spreadsheets
Convert Data
Whitelist Custom URLs
APIs-Swagger
Connector API
Documents API
Converter API
Trace API
Insights API
APIs-Usage
APIs
Insights API
Insights API Usage
Trace API
Connector API Errors
API Error Codes
REFERENCE
GS1
GS1 Identifier Reuse
Authentication
Identifiers
Message Codes
Cryptographic
Signatures
Signature Header
Access Control
Firewall Settings
XML to JSON
EPCIS Aggregation Add
EPCIS Aggregation Delete
EPCIS Object Add
EPCIS Object Delete
EPCIS Object Observed
EPCIS Transformation
Purchase Order
Despatch Advice
Receiving Advice
Master Data Item
Master Data Facility
Standard Business
Document Header