Difference between revisions of "Users and Roles"

From Developer Documents
Jump to navigation Jump to search
 
(3 intermediate revisions by the same user not shown)
Line 24: Line 24:
  
 
The ontology can be found in '''org.simantics.layer0/graph/UsersAndRoles.pgraph'''
 
The ontology can be found in '''org.simantics.layer0/graph/UsersAndRoles.pgraph'''
 +
 +
=== Concepts ===
 +
 +
* L0.RoleRule determines some user interface behaviour e.g. denial of operation or selection of actions or data.
 +
* L0.Role defines a hierarchy of possible roles for a user. For each role a set of rule are attached. From this information a list of rules for a certain role can be computed. The rules are interpreted in order and may override or cancel each other.
 +
* L0.RoleAssignment assigns a set of allowed roles for a certain user. The set of RoleAssignments are determined for each model separately. Normally RoleAssignments are contained in models but for some special cases the assignments can also be shared e.g. for the admin role.
 +
* L0.Session stores preferences for the database session. The session contains a set of RoleAssignments (one per model)
  
 
=== Using the model ===
 
=== Using the model ===
Line 29: Line 36:
 
The following guidelines are defined
 
The following guidelines are defined
  
* The '''active session role''' is defined in the session model
+
* The set of RoleAssignments from the session model are used to determine the '''model active role''' for the session
 
* Available users can be found under http://Users
 
* Available users can be found under http://Users
* All roles defined in a model can be found by searching L0.Role in '''dependencies'''
+
* All roles defined for a model can be found by searching L0.Role in '''dependencies'''
* '''Available roles''' per user are queried by filtering from all roles by L0.IsAllowedFor
+
* All role rules available for a model can be found by searching L0.RoleRule in '''dependencies'''
* Role-based rules are bound to models and can be queried by searching L0.RoleRule in model '''dependencies''' and by filtering to a selected role.
+
* All role assignments for a model can be found by searching L0.RoleAssignment in '''dependencies'''
* The '''active role rule set''' is obtained by determining role-based rules for the '''active session role'''
+
* '''Available roles''' for the session per model are queried by determining all role assignments and by filtering by user
* Application code decides how to interpret the active role rule set.
+
* The '''active role rule list''' is obtained by first determining the '''model active role''' and then by traversing the inheritance chain.
 +
* Application code decides how to interpret the active role rule list.
  
 
[[Category: Model Development]]
 
[[Category: Model Development]]

Latest revision as of 15:04, 11 July 2011


User and role modelling in the semantic database is supported to enable user and use case specific user interface logic.

Basic concepts

User account

User accounts are needed in authentication of Simantics services such as database connections and experiment servers. User authentication in Simantics is based on LDAP?

User model

A user model is a representation of a user account in the Simantics database.

Role

A user always assumes a single role in the user interface. Various user interface rules can be attached into roles e.g. to allow or disallow certain operations. The user interface can also use the user and role information for selecting which data to show.

Modelling

UsersAndRoles.png

File:UsersAndRoles.graphml

The ontology can be found in org.simantics.layer0/graph/UsersAndRoles.pgraph

Concepts

  • L0.RoleRule determines some user interface behaviour e.g. denial of operation or selection of actions or data.
  • L0.Role defines a hierarchy of possible roles for a user. For each role a set of rule are attached. From this information a list of rules for a certain role can be computed. The rules are interpreted in order and may override or cancel each other.
  • L0.RoleAssignment assigns a set of allowed roles for a certain user. The set of RoleAssignments are determined for each model separately. Normally RoleAssignments are contained in models but for some special cases the assignments can also be shared e.g. for the admin role.
  • L0.Session stores preferences for the database session. The session contains a set of RoleAssignments (one per model)

Using the model

The following guidelines are defined

  • The set of RoleAssignments from the session model are used to determine the model active role for the session
  • Available users can be found under http://Users
  • All roles defined for a model can be found by searching L0.Role in dependencies
  • All role rules available for a model can be found by searching L0.RoleRule in dependencies
  • All role assignments for a model can be found by searching L0.RoleAssignment in dependencies
  • Available roles for the session per model are queried by determining all role assignments and by filtering by user
  • The active role rule list is obtained by first determining the model active role and then by traversing the inheritance chain.
  • Application code decides how to interpret the active role rule list.