Users and Roles
User and role modelling in the semantic database is supported to enable user and use case specific user interface logic.
User accounts are needed in authentication of Simantics services such as database connections and experiment servers. User authentication in Simantics is based on LDAP?
A user model is a representation of a user account in the Simantics database.
A user always assumes a single role in the user interface. Various user interface rules can be attached into roles e.g. to allow or disallow certain operations. The user interface can also use the user and role information for selecting which data to show.
The ontology can be found in org.simantics.layer0/graph/UsersAndRoles.pgraph
- L0.RoleRule determines some user interface behaviour e.g. denial of operation or selection of actions or data.
- L0.Role defines a hierarchy of possible roles for a user. For each role a set of rule are attached. From this information a list of rules for a certain role can be computed. The rules are interpreted in order and may override or cancel each other.
- L0.RoleAssignment assigns a set of allowed roles for a certain user. The set of RoleAssignments are determined for each model separately. Normally RoleAssignments are contained in models but for some special cases the assignments can also be shared e.g. for the admin role.
- L0.Session stores preferences for the database session. The session contains a set of RoleAssignments (one per model)
Using the model
The following guidelines are defined
- The set of RoleAssignments from the session model are used to determine the model active role for the session
- Available users can be found under http://Users
- All roles defined for a model can be found by searching L0.Role in dependencies
- All role rules available for a model can be found by searching L0.RoleRule in dependencies
- All role assignments for a model can be found by searching L0.RoleAssignment in dependencies
- Available roles for the session per model are queried by determining all role assignments and by filtering by user
- The active role rule list is obtained by first determining the model active role and then by traversing the inheritance chain.
- Application code decides how to interpret the active role rule list.