Security - AtlasOfLivingAustralia/fieldcapture GitHub Wiki

Authentication

Users of MERIT (and BioCollect) are authenticated using the OpenID Connect (OIDC) protocol with the authorization code flow. The implementation is via the ala-auth-plugin, which uses the pac4j library to implement the authentication flow.

See openid.net for an explanation of the OpenID Connect protocol.

Authorisation / Access Control

Access control in MERIT is implemented via a combination of roles and an access control list (ACL) stored in ecodata.

MERIT Roles

MERIT supports the following roles:

| Role | Description |
| --- | --- |
| ALA Admin | Provides full access to all MERIT functionality |
| FC_ADMIN | Provides access to grant/project management functions as well as the ability to customise the home page, email templates and access to all reports and data downloads. |
| FC_OFFICER | Provides access to grant/project management functions |
| FC_READ_ONLY | Provides read-only access to project data, normally assigned to auditors |
| Project/Grant manager | Access to approve / return project reports for a specific project. Only users with the global FC_OFFICER role can be assigned this role on a project |
| Project admin | Access to edit data for a specific project as well as submit reports and assign project access |
| Project editor | Access to edit data for a specific project |

Access control lists

Every project in MERIT has an access control list which records the roles each user has for that project.
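To show how the global roles and a per-project ACL combine into a single access decision, here is an added model of the rules in the roles table above. It is illustrative code, not MERIT's or ecodata's implementation: the permission names (`manage_projects`, `approve_report`, `assign_access` and so on) and the in-memory `Project.acl` mapping are constructed for the example, and the role labels are taken verbatim from the table rather than from MERIT's internal identifiers.

```python
from dataclasses import dataclass, field

# Global role -> permissions, transcribed from the MERIT roles table.
# The permission names are constructed for this illustration.
GLOBAL_PERMISSIONS = {
    "ALA Admin": {"*"},  # full access to all functionality
    "FC_ADMIN": {"manage_projects", "customise_home_page", "edit_email_templates",
                 "view_all_reports", "download_data"},
    "FC_OFFICER": {"manage_projects"},
    "FC_READ_ONLY": {"read_project"},
}

# Project role (recorded in the project's ACL) -> permissions on that project only
PROJECT_PERMISSIONS = {
    "Project/Grant manager": {"read_project", "approve_report", "return_report"},
    "Project admin": {"read_project", "edit_project", "submit_report", "assign_access"},
    "Project editor": {"read_project", "edit_project"},
}


@dataclass
class User:
    user_id: str
    global_roles: set = field(default_factory=set)


@dataclass
class Project:
    project_id: str
    acl: dict = field(default_factory=dict)  # user_id -> project role (constructed stand-in for the ecodata ACL)


def effective_permissions(user: User, project: Project) -> set:
    """Union of what the user's global roles grant everywhere and what the ACL grants on this project."""
    perms = set()
    for role in user.global_roles:
        perms |= GLOBAL_PERMISSIONS.get(role, set())
    project_role = project.acl.get(user.user_id)
    if project_role is not None:
        perms |= PROJECT_PERMISSIONS[project_role]
    return perms


def is_allowed(user: User, project: Project, action: str) -> bool:
    perms = effective_permissions(user, project)
    return "*" in perms or action in perms


def assign_project_role(actor: User, project: Project, target: User, role: str) -> None:
    """Record a project role in the ACL, enforcing who may assign it and who may hold it."""
    if role not in PROJECT_PERMISSIONS:
        raise ValueError(f"unknown project role: {role}")
    if not is_allowed(actor, project, "assign_access"):
        raise PermissionError(f"{actor.user_id} cannot assign access on {project.project_id}")
    # Per the roles table, only holders of the global FC_OFFICER role can be a project's grant manager
    if role == "Project/Grant manager" and "FC_OFFICER" not in target.global_roles:
        raise ValueError("Project/Grant manager requires the global FC_OFFICER role")
    project.acl[target.user_id] = role


def try_assign(actor: User, project: Project, target: User, role: str) -> str:
    """Return 'ok' or the name of the exception the assignment raised."""
    try:
        assign_project_role(actor, project, target, role)
        return "ok"
    except (PermissionError, ValueError) as err:
        return type(err).__name__
```

A user with only FC_READ_ONLY can read a project they are not listed on but cannot edit it; a project editor can edit but not submit reports; and the two guards in `assign_project_role` reproduce the table's constraints that only someone with `assign_access` on the project can change its ACL, and that the grant manager role is reserved for global FC_OFFICER users.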