Authorisation for Ontoserver
This page gives a brief overview of how Ontoserver uses user roles and communities to manage access to resources.
User roles
A user role, or persona, determines a user's ability to manage users, communities and content.
The base level of access is assigned to the consumer role. Users with the consumer role have read-only access to resources in communities they are members of. They also have read-only access to resources secured with anonymous read access.
Next is the author role, which gives users read and write access to resources in communities they are members of, as well as read access to resources secured with anonymous read access. They are also able to create and manage their own communities. Author role users can also be assigned management roles for other communities.
The content approver role has all the same permissions as the author role, and is also able to syndicate or approve resources for publication from the authoring server. These resources may then be incorporated into a release to the staging and ultimately production servers.
The service desk role is able to create and manage users, system clients and permissions. This role is also able to manage members of all communities.
An administrator role can be used to create the service desk role and has all permissions with regard to creating and managing users, system clients, permissions and communities.
Communities
A community is the method of grouping and managing access by users to resources.
For each community, users can further be assigned community roles, to manage their access to resources.
Community roles
A user's permissions are bound first by their user role, then their community role. This means that a user with a user role of consumer will only ever have read access even if they are given a community author role. The community role will not override the level of access that is in their user permissions.
The community content administrator role can be granted to an author by the service desk and gives read/write access to any community content regardless of community membership.
A community owner role is able to control the membership of a community, as well as the level of access (read, write) of its members. When a user creates a community, they are automatically assigned as a community owner. Other users can also be assigned as a community owner.
A community member administrator can manage the membership of any community. This is assigned to the service desk users.
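The rule that a user role bounds whatever a community role grants can be written as a ceiling check. The following Python sketch is an added example, not Ontoserver code: the names `User`, `Resource`, `effective_access` and `capped_grants` are hypothetical, and it assumes the community content administrator flag only takes effect for users whose role allows write access.

```python
from dataclasses import dataclass, field

# Access levels, ordered so that min() picks the more restrictive one.
NONE, READ, WRITE = 0, 1, 2

# Ceiling each user role places on content access, as described on this page.
# Content access for the service desk and administrator roles is not
# described here, so those roles are not modelled (assumption).
USER_ROLE_CAP = {"consumer": READ, "author": WRITE, "content_approver": WRITE}

@dataclass
class User:
    user_role: str
    memberships: dict = field(default_factory=dict)  # community -> READ/WRITE
    community_content_admin: bool = False            # granted by service desk

@dataclass
class Resource:
    community: str
    anonymous_read: bool = False

def effective_access(user: User, resource: Resource) -> int:
    """Return NONE, READ or WRITE for this user on this resource."""
    cap = USER_ROLE_CAP[user.user_role]
    if user.community_content_admin and cap == WRITE:
        # Read/write on any community content, regardless of membership.
        granted = WRITE
    else:
        granted = user.memberships.get(resource.community, NONE)
    # The community grant never exceeds the ceiling set by the user role.
    level = min(cap, granted)
    if resource.anonymous_read:
        # Anonymous read access gives at least read-only access.
        level = max(level, READ)
    return level

def capped_grants(user: User) -> list:
    """Communities where the grant is higher than the user role allows."""
    cap = USER_ROLE_CAP[user.user_role]
    return sorted(c for c, lvl in user.memberships.items() if lvl > cap)
```

Running `capped_grants` over all accounts gives a review list of community grants that look like write access on paper but are reduced to read by the user role.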
Managing user and community roles
To manage all the roles, communities and system clients, there are three consoles available:
- Systems administration console – this is only required at initial setup, for the administrator to set up service desk accounts
- Administrator console – this is used by service desk users and author users to manage users, communities and system clients
- Account management console – this allows users to self-manage their own account details