
[INFO] Permission System

Ismael Rodríguez edited this page Jun 22, 2017 · 1 revision

The frontend's permission system is built on three concepts: user accounts, groups and permissions.

User Account

A user account represents a user of the Mapping UI. It can be created using the sign-up page or via the admin interface. The most important fields of a user account are:

  • _id: Automatically generated, never changes.
  • isActive: indicates whether the user is active or not.
  • username: visible username
  • password:
  • name: first, middle and last. Only first and last are required.
  • groups: groups that the user belongs to.
  • permissions: individual permissions the user has.
  • timeCreated: time when the account was created.
  • timeLastLogin: last time the user logged in.

Group

A group is a set of permissions identified by a name, such as 'Admin', 'Readers', 'Editors', and so on. Use groups to give several users a set of permissions that you consider belong together. To grant specific individual permissions, edit the permissions of the account in question.

The most important data of a group is:

  • _id: Automatically generated, never changes.
  • name: Visible name of the group
  • permissions: the set of permissions that users who belong to the group will have.

Permissions

Permissions determine what the user can and can't do. Administrators can create the permissions they want and set constraints on what permissions are required for creating, editing and removing templates (WIP). Permissions are usually given via groups (a user is assigned a group, and then that user inherits all the permissions of the group). However, individual permissions can also be given to a user without any group.

Special Users and Groups

There are some users and groups that are special: they can't be removed and have special permissions.

  • Admin User: The admin account can do everything without any explicit permission. It can't be removed or disabled, and its personal details can only be edited by the admin user itself. Its groups and permissions can't be modified.

  • Admin Group: The admin group gives a user unlimited access to the system: they can create, remove, disable, enable and modify all details of any other user and group (except the special ones). They also have access to the administration panel and administration screens on the user interface.

  • Account Group: This is the basic group that any account belongs to. It doesn't have any special permission, apart from creating new mappings and editing them.
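
As an added illustration (not code from the Mapping UI itself), the following sketch resolves a user's effective permissions and applies the special-user rules described above. The data shapes (permissions as arrays of strings, groups as arrays of group ids), the `ADMIN_USER_ID` and `ADMIN_GROUP_ID` values, the permission and action names, and the choice to deny inactive accounts are assumptions.

```javascript
// Added illustration; data shapes and the identifiers below are assumptions.
const ADMIN_USER_ID = 'admin-user'; // hypothetical _id of the special Admin User
const ADMIN_GROUP_ID = 'admin';     // hypothetical _id of the special Admin Group

// Constructed sample groups, keyed by _id.
const GROUPS = {
  admin:   { _id: 'admin',   name: 'Admin',   permissions: [] },
  account: { _id: 'account', name: 'Account', permissions: ['create-mapping', 'edit-mapping'] },
  editors: { _id: 'editors', name: 'Editors', permissions: ['edit-template'] },
};

// Union of the user's individual permissions and those inherited from groups.
function effectivePermissions(user, groups = GROUPS) {
  const perms = new Set(user.permissions || []);
  for (const id of user.groups || []) {
    const group = groups[id]; // unknown group ids grant nothing
    if (group) group.permissions.forEach((p) => perms.add(p));
  }
  return perms;
}

const isAdminUser = (u) => Boolean(u) && u._id === ADMIN_USER_ID;
const inAdminGroup = (u) => Boolean(u) && (u.groups || []).includes(ADMIN_GROUP_ID);

// Deny by default. Denying inactive accounts is an assumption about isActive.
function hasPermission(user, permission, groups = GROUPS) {
  if (!user) return false;
  if (isAdminUser(user)) return true;  // admin needs no explicit permission
  if (!user.isActive) return false;
  if (inAdminGroup(user)) return true; // admin group: unlimited access
  return effectivePermissions(user, groups).has(permission);
}

// May `actor` perform `action` ('edit' | 'disable' | 'remove' | 'setGroups',
// hypothetical names) on the `target` account?
function canManageAccount(actor, target, action) {
  if (isAdminUser(target)) {
    // Only the admin itself may edit its details; every other action is refused.
    return action === 'edit' && isAdminUser(actor);
  }
  if (isAdminUser(actor)) return true;
  // The page does not cover self-management; it is treated like any other account here.
  return Boolean(actor && actor.isActive && inAdminGroup(actor));
}
```

Checking the special accounts before consulting any stored permission keeps their protection independent of what the groups and permissions fields happen to contain.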