User Roles and Services - AtlasOfLivingAustralia/documentation GitHub Wiki
Roles
This is a list of users roles in ALA CAS-5 auth system.
The list of user roles are in https://yourauth.example.com/userdetails/admin/role/list and is created via this init sql script.
Feel free to edit this table.
| Role name | Description |
|---|---|
| ROLE_ABRS_ADMIN | Admin role of Australian Biological Resources Study (ABRS) Survey of Australian Taxonomic Workforce |
| ROLE_ABRS_INSTITUTION | Institution Role of ABRS |
| ROLE_ADMIN | Admin role for ALA staff |
| ROLE_API_EDITOR | Enables a user to update the online web service API |
| ROLE_APPD_USER | APPD user. This role is configurably used for the https://github.com/AtlasOfLivingAustralia/appd-hub installation |
| ROLE_AVH_ADMIN | AVH admin. This role is configurably used for the https://github.com/AtlasOfLivingAustralia/avh-hub installation |
| ROLE_AVH_CLUB | AVH privileged user. This role is configurably used for the https://github.com/AtlasOfLivingAustralia/avh-hub installation |
| ROLE_COLLECTION_ADMIN | Admin role for the Collectory service¹ |
| ROLE_COLLECTION_EDITOR | Editor role for the Collectory service¹ |
| ROLE_COLLECTORS_ADMIN | It's seems that this role is not used on public code |
| ROLE_FC_ADMIN | Admin role for the Field Capture webapp |
| ROLE_FC_OFFICER | Field Capture officer role |
| ROLE_FC_READ_ONLY | Provides read only access to all projects in the field capture system. |
| ROLE_IMAGE_ADMIN | It's seems that this role is not used on public code |
| ROLE_SPATIAL_ADMIN | It's seems that this role is only used on spatial-logger |
| ROLE_SYSTEM_ADMIN | System admin role (used nowadays in BIE service) |
| ROLE_USER | Basic role of an authenticated user |
| ROLE_VP_ADMIN | Admin role for the Volunteer Portal (VP) |
| ROLE_VP_TEST_ADMIN | The admin role for BVP Test server |
| ROLE_VP_VALIDATOR | Validator role for the Volunteer Portal |
Note: When this wiki table is completed, would be great to update the table user_role with this info so our auth system is better documented without necessity of this page.
First ROLE_ADMIN user after installing CAS
Note: that these steps were needed prior to this PR was merged. So now this is done by the ala-install.
After the first install of CAS you should register a new user using:
https://auth.example.com/userdetails/registration/createAccount
If you have used the generator, you can check my-la-cas-inventory.yml file for the mysql root username, and my-la-local-passwords.yml to get the corresponding password. SSH to the server you are running CAS on, and look up your userid in mysql emmet database:
SELECT * FROM `emmet`.`users`;
and later add your user_id as ROLE_ADMIN manually:
INSERT INTO `emmet`.`user_role` (`user_id`, `role_id`) VALUES('put_here_your_user_id', 'ROLE_ADMIN');
also, if your email service is not yet ready, you can activate your account manually with:
UPDATE `emmet`.`users` SET activated=1 WHERE userid=put_here_your_user_id;
Later you can administer other users & roles via: https://auth.example.com/userdetails/admin
Recommended roles for a Living Atlas Admin:
- ROLE_ADMIN
- ROLE_COLLECTION_ADMIN
- ROLE_COLLECTION_EDITOR
- ROLE_IMAGE_ADMIN
- ROLE_SPATIAL_ADMIN
- ROLE_SYSTEM_ADMIN
¹ It seems they are in disuse, removed here, although still present in the code. In collectory service the ROLE_ADMIN and ROLE_EDITOR are now used (although ROLE_EDITOR is not created in CAS by default)