Difference between revisions of "Users and Roles"
Jump to navigation
Jump to search
(9 intermediate revisions by the same user not shown) | |||
Line 24: | Line 24: | ||
The ontology can be found in '''org.simantics.layer0/graph/UsersAndRoles.pgraph''' | The ontology can be found in '''org.simantics.layer0/graph/UsersAndRoles.pgraph''' | ||
+ | |||
+ | === Concepts === | ||
+ | |||
+ | * L0.RoleRule determines some user interface behaviour e.g. denial of operation or selection of actions or data. | ||
+ | * L0.Role defines a hierarchy of possible roles for a user. For each role a set of rule are attached. From this information a list of rules for a certain role can be computed. The rules are interpreted in order and may override or cancel each other. | ||
+ | * L0.RoleAssignment assigns a set of allowed roles for a certain user. The set of RoleAssignments are determined for each model separately. Normally RoleAssignments are contained in models but for some special cases the assignments can also be shared e.g. for the admin role. | ||
+ | * L0.Session stores preferences for the database session. The session contains a set of RoleAssignments (one per model) | ||
=== Using the model === | === Using the model === | ||
Line 29: | Line 36: | ||
The following guidelines are defined | The following guidelines are defined | ||
− | * The ''' | + | * The set of RoleAssignments from the session model are used to determine the '''model active role''' for the session |
* Available users can be found under http://Users | * Available users can be found under http://Users | ||
− | * All roles defined | + | * All roles defined for a model can be found by searching L0.Role in '''dependencies''' |
− | * | + | * All role rules available for a model can be found by searching L0.RoleRule in '''dependencies''' |
− | * Application code decides how to interpret the active rule | + | * All role assignments for a model can be found by searching L0.RoleAssignment in '''dependencies''' |
+ | * '''Available roles''' for the session per model are queried by determining all role assignments and by filtering by user | ||
+ | * The '''active role rule list''' is obtained by first determining the '''model active role''' and then by traversing the inheritance chain. | ||
+ | * Application code decides how to interpret the active role rule list. | ||
[[Category: Model Development]] | [[Category: Model Development]] |
Latest revision as of 15:04, 11 July 2011
User and role modelling in the semantic database is supported to enable user and use case specific user interface logic.
Contents
Basic concepts
User account
User accounts are needed in authentication of Simantics services such as database connections and experiment servers. User authentication in Simantics is based on LDAP?
User model
A user model is a representation of a user account in the Simantics database.
Role
A user always assumes a single role in the user interface. Various user interface rules can be attached into roles e.g. to allow or disallow certain operations. The user interface can also use the user and role information for selecting which data to show.
Modelling
The ontology can be found in org.simantics.layer0/graph/UsersAndRoles.pgraph
Concepts
- L0.RoleRule determines some user interface behaviour e.g. denial of operation or selection of actions or data.
- L0.Role defines a hierarchy of possible roles for a user. For each role a set of rule are attached. From this information a list of rules for a certain role can be computed. The rules are interpreted in order and may override or cancel each other.
- L0.RoleAssignment assigns a set of allowed roles for a certain user. The set of RoleAssignments are determined for each model separately. Normally RoleAssignments are contained in models but for some special cases the assignments can also be shared e.g. for the admin role.
- L0.Session stores preferences for the database session. The session contains a set of RoleAssignments (one per model)
Using the model
The following guidelines are defined
- The set of RoleAssignments from the session model are used to determine the model active role for the session
- Available users can be found under http://Users
- All roles defined for a model can be found by searching L0.Role in dependencies
- All role rules available for a model can be found by searching L0.RoleRule in dependencies
- All role assignments for a model can be found by searching L0.RoleAssignment in dependencies
- Available roles for the session per model are queried by determining all role assignments and by filtering by user
- The active role rule list is obtained by first determining the model active role and then by traversing the inheritance chain.
- Application code decides how to interpret the active role rule list.