Every page of a site, developed on the basis of the Bitrix Site Manager software starts with inclusion of the required header file. Simple inclusion of this file automatically ensures the operation of the unified authorization system and access permission distribution.
The authorization system functions independently of business logic found in a page body. The principle of independency of authorization system from the executable page section ensures the security of web applications from unauthorized access and execution. Thus, if a user doesn’t have a permission to access a page he will not be able to avoid the authorization system.
All the modules of the Bitrix Site Manager software check for the access permissions inside of the modules when calling API functions. Thus, applications written using the Bitrix Site Manager API obtain another level of protection provided by both modules and logical operations. The independency of authorization system from the API functions provides for secure development of client applications and business logic as well as handy managing access permissions in a standard module interface.
