Security - AtlasOfLivingAustralia/fieldcapture Wiki

Authentication

Users of MERIT (and BioCollect) are expected to be authenticated by an instance of the Central Authentication Server (CAS). See CAS protocol for an explanation of the CAS protocol.

The CAS instance to be used is specified using the security.cas.casServerUrlPrefix configuration item.

The CAS interface and login sequence are coordinated by the ALA CAS Plugin.

Authorisation / Access Control

Access control in MERIT is implemented via a combination of roles and an access control list (ACL) stored in ecodata.

MERIT Roles

MERIT supports the following roles:

| Role | Description |
| --- | --- |
| ALA Admin | Provides full access to all MERIT functionality |
| FC_ADMIN | Provides access to grant/project management functions as well as the ability to customise the home page, email templates and access to all reports and data downloads. |
| FC_OFFICER | Provides access to grant/project management functions |
| FC_READ_ONLY | Provides read only access to project data, normally assigned to auditors |
| Project/Grant manager | Access to approve / return project reports for a specific project. Only users with the Global FC_OFFICER role can be assigned this role on a project |
| Project admin | Access to edit data for a specific project as well as submit reports and assign project access |
| Project editor | Access to edit data for a specific project |

Access control lists

Every project in MERIT has an access control list which records the roles each user has for that project.
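The sketch below is an added example, not code from fieldcapture or ecodata. It models how a global role check and a per-project ACL combine into one default-deny decision, including the rule that only a global FC_OFFICER can hold the Project/Grant manager role. The role keys (including ALA_ADMIN for "ALA Admin"), the action names, the class and function names, and the choice that any project role implies view access are all assumptions; the management functions of FC_ADMIN and FC_OFFICER are not modelled.

```python
from dataclasses import dataclass, field

# Action names are hypothetical labels for this sketch.
VIEW, EDIT, SUBMIT, APPROVE, ASSIGN = (
    "view", "edit", "submit_report", "approve_report", "assign_access")

# Actions granted by each per-project role, following the role table.
# Role keys are hypothetical; VIEW for every project role is an assumption.
PROJECT_ROLE_ACTIONS = {
    "grant_manager": {VIEW, APPROVE},
    "project_admin": {VIEW, EDIT, SUBMIT, ASSIGN},
    "project_editor": {VIEW, EDIT},
}

@dataclass
class User:
    user_id: str
    global_roles: frozenset = frozenset()  # e.g. {"FC_OFFICER"}

@dataclass
class Project:
    project_id: str
    acl: dict = field(default_factory=dict)  # user_id -> set of project roles

def is_permitted(user, project, action):
    """Check global roles first, then the project's ACL; deny by default."""
    if "ALA_ADMIN" in user.global_roles:  # assumed key for "ALA Admin"
        return True
    if action == VIEW and "FC_READ_ONLY" in user.global_roles:
        return True
    roles = project.acl.get(user.user_id, set())
    return any(action in PROJECT_ROLE_ACTIONS.get(r, set()) for r in roles)

def assign_role(actor, target, project, role):
    """Add an ACL entry, enforcing who may assign and who may hold the role."""
    if role not in PROJECT_ROLE_ACTIONS:
        raise ValueError(f"unknown project role: {role}")
    if not is_permitted(actor, project, ASSIGN):
        raise PermissionError("actor may not assign access on this project")
    # Constraint from the role table: the target must be a global FC_OFFICER.
    if role == "grant_manager" and "FC_OFFICER" not in target.global_roles:
        raise PermissionError("grant manager requires the global FC_OFFICER role")
    project.acl.setdefault(target.user_id, set()).add(role)
```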