...
|
|
*Logging In
|
h4. Logging In
|
*To log into the Administration Tool your user name must be added
to the 'superadmin' group. This will take you to the "Main Menu" page.
|
h4. *Explanation of Groups, Users, Roles, and Permissions
|
*Overview*
|
*
<blockquote> *Overview *
|
Groups, Users, Roles and Permissions are used to control access to the
site. Its very flexible allowing users to be created and grouped, and permissions
|
... to access systems and resources on the system to also be grouped. Permissions
|
can be granted to a user in several ways giving the administrator of the
system flexibility in managing users and their access to the system.
|
*
|
|
Groups *are * *Groups* are used to group users together. Users, Roles, and Permissions
|
can all be added to and removed from a group. Users that are added to a group
inherit all of the roles and permissions that have also been added to that
|
... group. For instance if you add 'Joe User' to 'Group A' and also add the Role
'Manager of group Foo Makers' then 'Joe User' will have all of the permissions
that are in that role. And as stated you can add permissions directly to
|
a group.
|
*Users *are * *Users*are entities representing the users of your system. You can
|
add roles and permissions to users. Users will also inherit roles and permissions
of groups they are in. Thus there are multiple ways a user can have a permissions.
|
... A permission can be added to a user directly. Or a role containing one or
many permissions could be added to a user. Or a user could be added to a
group which contains roles and permissions. Permissions are additive
so if a user has a permission 'P' both through being part of a group and
directly, then you remove the permission 'P' from the user, but the user
is still part of the group having 'P' the user will still have access to
|
the resource behind that permission.
|
*Roles * *Roles* are simply used to create sets of permissions. <add example>
|
|
* *Permissions * are used to represent access to a resource.
|
The relationship between a resource and a permission is usually either one to one or one to two. A user can either read from a resource or read/write a resource. However the system is very flexible here and you can have it create permissions to 'do' whatever you want. The actual meaning of the permission is coded in your application's logic.
|
... Permissions are created automatically by the system when you create a 'resource'.
They should only be deleted by the system.
Permissions can be grouped into roles. Permissions can added directly to
roles, users, and groups. Ultimately the purpose of a permission is to tell
the system whether it should grant access to something to a user. The ability
of a user to see or do something in the system depends on whether they have
the appropriate permission either directly or having inherited it through
|
having a role or having membership to a group.
|
*Elaboration on the difference between Groups and Roles *. It is very
|
h4. Elaboration on the difference between Groups and Roles
It is very
|
common to get Groups and Roles confused. After doing many hours of research
on this topic I believe the correct definitions are represented in this system.
|
... Groups are groups of people and used to group people. Roles are for grouping
permissions or creating a unified set of permissions. Roles are really a
convenience for managing permissions. A role can be thought of as a permission
encompassing many other permissions. You can add users and roles to (and
|
even permissions) to groups . But you can only add permissions to roles.
|
h4. *Viewing Groups, Users, Roles, and Permissions
|
|
* To view all the available users simple click on 'View Users'. This will
|
take you to the list of users.
|
... *Creating a user. *
*
*To create a user from the 'Main Menu' screen you click on 'Create a User'
. You will come to a blank user. Fill in the fields and hit the 'Save' button.
You will then be sent to the list of users with your new user added to the
list.
This same process is true for creating Groups and Roles.
*
User Details
*You can view the details regarding a user by clicking on the ' Display
/ Edit' link next to a user's name and description on the 'View Users' screen.
The attributes of a user are listed at the top of the screen. These can be
edited. Changes will take effect after you click on the "Save" Button. To
exit this screen click on the "Cancel" button. To completely remove this
user from the system click on the "Delete User" button.
Below the attributes are:
- The list of Roles this user has.
- The list of Roles that can be added to this user.
- The list of Permissions this user has.
- The list of Permissions that can be added to this user.
To add one or several Permissions for this user click on the Permission checkbox
under the right most column 'Check to Add'. Then click on the
'Add checked' button. This will cause all checked permissions to be added
to the list above. The user now has these permissions.
To remove a permission from this user you can click on the 'Remove Permission'
link next to one of the permissions in the list.
The same instructions as above are true for adding and removing Roles to
and from the user.
*SUPERADMIN
*The system has a default user named admin. This user has access to the
whole system. There is also a <i>superadmin </i>group. Users who are added
to this group also have access to the entire system including special functions
like being able to hide user comments.
The superadmin group and the admin user are created when the system is run
for the first time. Neither the superadmin group nor the admin user should
be deleted. In a future release the ability to delete these from the system
will be disabled.
The admin user password should be changed.
Only users who should have full access to the system should be added to the
<i>superadmin </i>group.
|
Page Operations
Browse Space