Project: Dblgbc

Security - Permissions and Roles

Digital Bible Library participants
In order to abide by rules of copyright and workflow
Can belong to one or more groups of users (roles)
And, depending on those memberships, perform only certain operations
And, depending on those memberships, see only certain things

Recognize different roles
Given that I am logged in as an administrator
And that there is an organization called "nbs1" based in "Antartica"
When I assign a user the specific role "role"
Then they will be part of generic class "role_class"
And they will be able to do "operation"
Examples: Global Administrator
| role | role_class | operation |
| /role/administrator | Global Administrator | create global administrator |
| /role/administrator | Global Administrator | create global librarian |
| /role/administrator | Global Administrator | create global publisher |
Examples: Global Librarian
| role | role_class | operation |
| /role/librarian | Global Librarian | create organization |
| /role/librarian | Global Librarian | create organizational administrator |
| /role/librarian | Global Librarian | create organizational archivist |
| /role/librarian | Global Librarian | create organizational licenser |
| /role/librarian | Global Librarian | create organizational publisher |
| /role/librarian | Global Librarian | create organizational rebrander |
| /role/librarian | Global Librarian | search the whole library |
| /role/librarian | Global Librarian | associate entries with organizations |
Examples: Global Publisher
| role | role_class | operation |
| /role/publisher | Global Publisher | create API key |
| /role/publisher | Global Publisher | download data for entries licensed to them |
Examples: Organizational Administrator
| role | role_class | operation |
| /org/aq/administrator | Organizational Administrator | create organizational Administrator |
| /org/aq/administrator | Organizational Administrator | create organizational archivist |
| /org/aq/administrator | Organizational Administrator | create organizational licenser |
| /org/aq/administrator | Organizational Administrator | create organizational publisher |
| /org/aq/administrator | Organizational Administrator | create organizational rebrander |
Examples: Organizational Archivist
| role | role_class | operation |
| /org/aq/archivist | Organizational Archivist | see content belonging to /org/aq/pbs |
| /org/aq/archivist | Organizational Archivist | upload data for a new entry for that org |
| /org/aq/archivist | Organizational Archivist | upload revised data for an existing entry |
| /org/aq/archivist | Organizational Archivist | upload revised metadata for an existing entry |
Examples: Organizational Licenser
| role | role_class | operation |
| /org/aq/licenser | Organizational Licenser | see content belonging to /org/aq/pbs |
| /org/aq/licenser | Organizational Licenser | grant licenses content belonging to /org/aq/pbs to any /org/aq/publisher |
| /org/aq/licenser | Organizational Licenser | grant licenses content belonging to /org/aq/pbs to any Global Publisher |
Examples: Organizational Publisher
| role | role_class | operation |
| /org/aq/publisher | Organizational Publisher | create API key |
| /org/aq/publisher | Organizational Publisher | download data for entries licensed to them |
| /org/aq/publisher | Organizational Publisher | can see entries they have licenses to |
| /org/aq/publisher | Organizational Publisher | cannot see entries they don't have licenses to |
Developer Permissions Relaxed in Dev environment
Given that I am logged in as a developer
And we are running in development mode
Then I can make myself a member of any group
And I can remove myself from any group
Every user is owned by a single organization
Given a user doesn't exist
When that user is created
Then they belong to a single "owning" organization
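
The role tables and the development-mode scenario above, expressed as a deny-by-default check. This is an added example, not the project's own code: it covers a subset of the tables, and the `/role/developer` path, the rule that an organizational role acts only inside its own organization, and the shape of the `licenses` mapping are assumptions.

```python
import re

# Subset of the Examples tables above: role class -> operations it may perform.
ALLOWED = {
    "Global Administrator": {"create global administrator",
                             "create global librarian",
                             "create global publisher"},
    "Global Librarian": {"create organization", "search the whole library",
                         "associate entries with organizations"},
    "Organizational Administrator": {"create organizational archivist",
                                     "create organizational licenser",
                                     "create organizational publisher"},
}

# /role/<name> is a global role; /org/<code>/<name> is scoped to one organization.
ROLE_PATH = re.compile(r"/(?:role|org/(?P<org>[a-z0-9]+))/(?P<name>[a-z]+)")

DEVELOPER_ROLE = "/role/developer"  # assumed path; the page names no developer role


def role_class(path):
    """Return (role_class, org_code); org_code is None for global roles."""
    m = ROLE_PATH.fullmatch(path)
    if m is None:
        raise ValueError(f"malformed role path: {path!r}")
    scope = "Organizational" if m["org"] else "Global"
    return f"{scope} {m['name'].capitalize()}", m["org"]


def can(roles, operation, target_org=None):
    """Deny by default: some held role must list the operation and be in scope."""
    for path in roles:
        cls, org = role_class(path)
        if operation not in ALLOWED.get(cls, ()):
            continue
        # Assumption: an organizational role acts only inside its own organization.
        if org is None or org == target_org:
            return True
    return False


def can_see_entry(publisher_role, entry_id, licenses):
    """A publisher sees an entry only if a license for it was granted to that role."""
    return entry_id in licenses.get(publisher_role, set())


def can_change_own_groups(roles, development_mode):
    """The developer relaxation holds only while development mode is on."""
    return bool(development_mode) and DEVELOPER_ROLE in roles
```

Any operation or role class missing from `ALLOWED` is refused, so adding a role path grants nothing until its operations are listed explicitly.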

Last published over 5 years ago by bradobro.