User Roles and Services - AtlasOfLivingAustralia/documentation Wiki

Roles

This is a list of users roles in ALA CAS-5 auth system.

The list of user roles are in https://yourauth.example.com/userdetails/admin/role/list and is created via this init sql script.

Feel free to edit this table.

Role name Description
ROLE_ABRS_ADMIN Admin role of Australian Biological Resources Study (ABRS) Survey of Australian Taxonomic Workforce
ROLE_ABRS_INSTITUTION Institution Role of ABRS
ROLE_ADMIN Admin role for ALA staff
ROLE_API_EDITOR Enables a user to update the online web service API
ROLE_APPD_USER APPD user. This role is configurably used for the https://github.com/AtlasOfLivingAustralia/appd-hub installation
ROLE_AVH_ADMIN AVH admin. This role is configurably used for the https://github.com/AtlasOfLivingAustralia/avh-hub installation
ROLE_AVH_CLUB AVH privileged user. This role is configurably used for the https://github.com/AtlasOfLivingAustralia/avh-hub installation
ROLE_COLLECTION_ADMIN Admin role for the Collectory service¹
ROLE_COLLECTION_EDITOR Editor role for the Collectory service¹
ROLE_COLLECTORS_ADMIN It's seems that this role is not used on public code
ROLE_FC_ADMIN Admin role for the Field Capture webapp
ROLE_FC_OFFICER Field Capture officer role
ROLE_FC_READ_ONLY Provides read only access to all projects in the field capture system.
ROLE_IMAGE_ADMIN It's seems that this role is not used on public code
ROLE_SPATIAL_ADMIN It's seems that this role is only used on spatial-logger
ROLE_SYSTEM_ADMIN System admin role (used nowadays in BIE service)
ROLE_USER Basic role of an authenticated user
ROLE_VP_ADMIN Admin role for the Volunteer Portal (VP)
ROLE_VP_TEST_ADMIN The admin role for BVP Test server
ROLE_VP_VALIDATOR Validator role for the Volunteer Portal

Note: When this wiki table is completed, would be great to update the table user_role with this info so our auth system is better documented without necessity of this page.

First ROLE_ADMIN user after installing CAS

Note: that these steps were needed prior to this PR was merged. So now this is done by the ala-install.

After the first install of CAS you should register a new user using: https://auth.example.com/userdetails/registration/createAccount If you have used the generator, you can check my-la-cas-inventory.yml file for the mysql root username, and my-la-local-passwords.yml to get the corresponding password. SSH to the server you are running CAS on, and look up your userid in mysql emmet database:

SELECT * FROM `emmet`.`users`;

and later add your user_id as ROLE_ADMIN manually:

INSERT INTO `emmet`.`user_role` (`user_id`, `role_id`) VALUES('put_here_your_user_id', 'ROLE_ADMIN');

also, if your email service is not yet ready, you can activate your account manually with:

UPDATE `emmet`.`users` SET activated=1 WHERE userid=put_here_your_user_id;

Later you can administer other users & roles via: https://auth.example.com/userdetails/admin

Recommended roles for a Living Atlas Admin:


¹ It seems they are in disuse, removed here, although still present in the code. In collectory service the ROLE_ADMIN and ROLE_EDITOR are now used (although ROLE_EDITOR is not created in CAS by default)