EMMAWiki/TermsAndConcepts/ForUsers/Access Control: Difference between revisions

From BRF-Software
imported>MichaelDondrup
Revision as of 18:35, 31 August 2005

Access Control

Access control in EMMA 2.0 is provided for each individual object. You may check and change other members' rights on experiments and data you have created. The access control model in EMMA is two-fold. It consists of two basic components:

  • Role-based access control -- Defines global privileges for a specific project.
  • Access control by privileges -- Defines per-object (experiment, data) access

Role-based access control

To understand how role-based access control works in EMMA, we have to look at the following concepts:

  • User
  • Member
  • Role
  • Right

These concepts are common to all software packages using the GPMS.

User

A user is somebody with an account (login name, password and email address) in the GPMS. The user is registered, but is not necessarily allowed to access any project.

Member

A Member is a User who has access to a specific project. Membership can be granted by a Chief of that project. A user can be a member of many projects.

Rights

A right is a definition of what somebody can be allowed to do in a project, e.g. delete a dataset or import data. There are many rights defined for EMMA. If you do not have the right to perform an action, the system will not allow you to do it.

Role

A role is a collection of individual rights for a project. Many users may share a single role, and a role will comprise many rights. E.g. the User may import data and create experiments, but not edit the standard pipelines or the array layouts. The role of a member may vary between different projects.

  • For each project, there is a "Chief" who has all the privileges and can grant or deny other users access to this project. The Chief also decides which kinds of tasks you may or may not perform on this project, e.g. changing an existing pipeline or creating a new one.

Here are the different types of roles you can have in a project and their corresponding privileges.

  • Chief -- The person mainly responsible for the project; may add, edit and delete almost everything, including array layouts and pipelines. May add and remove members of a project.
  • Maintainer -- Same as Chief, but may not manage memberships.
  • User -- May import data, run pipelines, create new experiments.
  • Guest -- May do almost nothing, just look. Even viewing things can be restricted.

The majority of users will have the role User. This role is sufficient to do the work, while other roles allow changing the setup of the project.

The role of a member may vary between different projects. You could be Chief in your own project, but Guest in projects of other groups.
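
The user / member / role / right relationship described above can be sketched as a small per-project check. This is an added example, not code from EMMA or the GPMS: the right names, the exact role-to-right assignments, and the `Registry` class with its `create_project` bootstrap step are assumptions modelled on the role descriptions.

```python
# Added illustration: names and role contents are assumptions, not EMMA's real definitions.
from enum import Enum, auto

class Right(Enum):
    VIEW = auto()
    IMPORT_DATA = auto()
    RUN_PIPELINE = auto()
    CREATE_EXPERIMENT = auto()
    DELETE_DATASET = auto()
    EDIT_PIPELINE = auto()
    EDIT_ARRAY_LAYOUT = auto()
    MANAGE_MEMBERS = auto()

# A role is a named collection of rights.
ROLES = {
    "Chief": set(Right),
    "Maintainer": set(Right) - {Right.MANAGE_MEMBERS},  # Chief without memberships
    "User": {Right.VIEW, Right.IMPORT_DATA, Right.RUN_PIPELINE,
             Right.CREATE_EXPERIMENT},
    "Guest": {Right.VIEW},
}

class Registry:
    def __init__(self):
        self.users = set()   # registered accounts (Users)
        self.members = {}    # (project, user) -> role name (Members)

    def register(self, user):
        self.users.add(user)

    def create_project(self, project, chief):
        # Hypothetical bootstrap: the creator becomes Chief of the new project.
        if chief not in self.users:
            raise ValueError("unknown user")
        self.members[(project, chief)] = "Chief"

    def has_right(self, user, project, right):
        # Default deny: a registered user without membership has no rights at all.
        role = self.members.get((project, user))
        return role is not None and right in ROLES[role]

    def set_membership(self, actor, project, user, role):
        # Only a member holding MANAGE_MEMBERS (here: the Chief) may grant roles.
        if not self.has_right(actor, project, Right.MANAGE_MEMBERS):
            raise PermissionError(f"{actor} may not manage members of {project}")
        if user not in self.users or role not in ROLES:
            raise ValueError("unknown user or role")
        self.members[(project, user)] = role
```

Because membership is keyed by the (project, user) pair, the same account can be Chief in one project and Guest in another, and every check is evaluated against the project in question.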

Access control by privileges