This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
userzone:userdoc:access:rights [2020/03/12 12:06] 127.0.0.1 external edit |
userzone:userdoc:access:rights [2021/09/23 17:14] (current) roel typos corrected |
||
---|---|---|---|
Line 1: | Line 1: | ||
======Changing access rights ====== | ======Changing access rights ====== | ||
====General setup==== | ====General setup==== | ||
- | In Gemstracker, every user is assigned to one group. | + | In GemsTracker, every user is assigned to one group. |
One group is assigned one role. | One group is assigned one role. | ||
- | One role has a set of privileges.\\ | + | One role has a set of privileges. |
+ | A role can inherit privileges from another role.\\ | ||
Additionally, a user is assigned to an organization (see adding users), and the user will only be able to access respondents of this organization, unless specific privileges have been granted. There are two ways in which a user can have access to respondents of other organizations: | Additionally, a user is assigned to an organization (see adding users), and the user will only be able to access respondents of this organization, unless specific privileges have been granted. There are two ways in which a user can have access to respondents of other organizations: | ||
- By granting an organization the right to access one or more other organizations (an organization level privilege) | - By granting an organization the right to access one or more other organizations (an organization level privilege) | ||
- By granting the cross-organization privilege in a role, this will grant access to all organizations (a user-group privilege). | - By granting the cross-organization privilege in a role, this will grant access to all organizations (a user-group privilege). | ||
- | There are a few predefined roles: Super¹, admin¹, staff, researcher¹, guest, nologin, physisian, respondent, security¹.\\ | + | There are a few predefined roles: Super¹, admin¹, staff, researcher¹, guest, nologin, physisian, respondent, monitor, security¹.\\ |
- | Also a set of predefined groups is predefined: Super administrators¹, local admins¹, staff and respondents.\\ | + | Also a set of predefined groups is predefined: Super administrators¹, Local admins¹, Staff, Monitors and Respondents.\\ |
¹//These have cross-organization privileges// | ¹//These have cross-organization privileges// | ||
Line 17: | Line 18: | ||
- create a new role | - create a new role | ||
- create a group with this role | - create a group with this role | ||
- | - make sure the group that can create accounts has access to this new role (needs to inherit from the new role you created) | + | - make sure the group that can create accounts has access to this new role (needs to inherit from the new role you created and needs to be set at group level) |
====Adding roles==== | ====Adding roles==== |