About Max Authentication and Authorization
Max applications are configured to use Salesforce as the OAuth2 identity provider with single sign-on (SSO) support. The Max Platform authorization model is based on the following concepts:
• Users have full access to their own records, and can mark records as private or shared with other users, roles, or groups.
• Roles are based on job types and responsibilities and have child-to-parent inheritance.
• Groups are containers for users and have parent-to-child inheritance.
• Permissions are the mechanism by which record-level CRUD access is granted to users, roles, and groups. Services are granted access to standard CRUD and custom operations.
• Data Access Rules grant access to dynamic record sets through queries. Field-level access control is also implemented at the record level.
Max Platform applications ship with a set of default roles with access privileges. Consult product Help for your Max Platform application for details.
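The two inheritance directions in the list above are easy to confuse when reviewing who can reach a record, so the following added example (not Max Platform code) models them in a few lines. It assumes that child-to-parent means a parent role receives the access granted to the roles beneath it, and that parent-to-child means members of a child group receive the access granted to its parent group; every name and data value in it is hypothetical and constructed for illustration.

```python
# Toy model only; ROLE_PARENT, GROUP_PARENT, GRANTS, OWNERS and can() are
# hypothetical names, not Max Platform APIs. All data below is constructed.
ROLE_PARENT = {"sales_rep": "sales_manager", "sales_manager": "vp_sales", "vp_sales": None}
GROUP_PARENT = {"emea_team": "all_sales", "all_sales": None}
USERS = {
    "ana": {"role": "sales_rep", "groups": {"emea_team"}},
    "bo": {"role": "vp_sales", "groups": set()},
    "cy": {"role": "sales_manager", "groups": {"all_sales"}},
}
# (principal kind, principal name) -> {record id: allowed CRUD operations}
GRANTS = {
    ("role", "sales_rep"): {"lead-1": {"read", "update"}},
    ("group", "all_sales"): {"pricebook": {"read"}},
    ("group", "emea_team"): {"emea-forecast": {"read", "update"}},
}
OWNERS = {"note-7": "ana"}  # record id -> owning user

def role_sources(role):
    """Roles whose grants reach `role`: itself plus every descendant (child-to-parent)."""
    found, changed = {role}, True
    while changed:
        changed = False
        for child, parent in ROLE_PARENT.items():
            if parent in found and child not in found:
                found.add(child)
                changed = True
    return found

def group_sources(group):
    """Groups whose grants reach members of `group`: itself plus every ancestor (parent-to-child)."""
    found = set()
    while group is not None and group not in found:  # second check guards against cycles
        found.add(group)
        group = GROUP_PARENT.get(group)
    return found

def can(user, op, record):
    """Return True if `user` may perform `op` on `record` under the assumed model."""
    if OWNERS.get(record) == user:  # owners have full access to their own records
        return True
    profile = USERS[user]
    principals = {("user", user)} | {("role", r) for r in role_sources(profile["role"])}
    for g in profile["groups"]:
        principals |= {("group", a) for a in group_sources(g)}
    return any(op in GRANTS.get(p, {}).get(record, set()) for p in principals)
```

Under these assumptions, a grant to a low-level role widens access for every role above it, while a grant to a top-level group widens access for every group nested inside it, which is the effect to check before adding either kind of permission.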