Security Overview > Login Security > Domain and Workspace Security
  
Domain and Workspace Security
Access to domains and entities is controlled at two points:
During system login
During the application session
When users start the system (assuming single sign-on is not enabled), they submit user credentials using the login dialog box. See Single Sign-On Enabled for details on how this setting affects login.
The client authenticates the user by calling the authentication service. If a user’s identity cannot be verified, login to the system fails. This authentication takes place for both the character and the .NET UI login. The system next checks to see if the user has access to any domains and entities defined in User Domain/Entity Access.
This step varies based on the user interface:
In character, the system checks to see if the user has an assigned domain. If not, an error is generated, and login is refused. If only one assigned domain is found, login to that domain is automatic. A user with access to more than one domain can choose from a list. The one marked as default in User Domain/Entity Access displays at the top of the list.
In .NET UI, the authentication service creates a session for the user, and returns a session ID to the .NET UI. The .NET UI uses the session ID to initialize any workspaces (domain/entity combination). By default, this is the workspace that was active when the user logged out of a previous session. If no previous session exists, the default domain is used as with character login.
Note: Login to the .NET UI can be successful even when the user is not assigned to a workspace. This is because the .NET UI is a container for multiple applications and also provides access to system administration functions that are not part of any specific application.
Changing domains also differs depending on the UI:
In the .NET UI, a user with access to more than one domain or more than one entity in a domain switches from one to another by opening a different workspace.
In the character UI, users switch domains by using Change Current Domain (36.1.1.1.10). This automatically switches to the primary entity of the new domain.
At no time can a user access an entity that is not authorized in their user record. In the .NET UI, these workspaces do not display for selection; in the character UI, attempting to switch to an unauthorized domain or entity displays an error message. See Specifying Access to Domains and Entities.
When a user exits the .NET UI, the active workspace is saved and displays when that user logs in again. In the character UI, the default domain assigned to the user in User Domain/Entity Access always displays by default.
For details about using and managing workspaces, see Introduction to QAD Enterprise Applications User Guide.