User roles - CDCgov/prime-simplereport GitHub Wiki

Intro

This page explains the various user roles and how to modify them.

User Roles

The available user role types are ADMIN, USER, ENTRY_ONLY, ALL_FACILITIES, TEST_RESULT_UPLOAD_USER and NO_ACCESS. You can check backend/src/main/java/gov/cdc/usds/simplereport/config/authorization/OrganizationRole.java for a list of available roles.

  • ADMIN - an organization admin with full access to their organization
  • USER - a site user that has access to everything in their organization but the gear icon
  • ENTRY_ONLY - a site user that only has access to the Conduct Test tab
  • ALL_FACILITIES - a site user that can access all facilities in their organization
  • NO_ACCESS - a member of an organization who has no permissions without possessing other roles. Every member of an org has this role, so it is used to list all users in an organization
  • TEST_RESULT_UPLOAD_USER - a member of the CSV Uploader pilot program, active as of 8/23/22. See more information about this role here

These roles are controlled via Okta groups (in deployed environments and if you are running the app locally with Okta) or through the application-local.yaml file (if you are running the app locally without Okta).

Updating user roles

When running the app locally without Okta, the local test user has the organization admin role by default. If you need to change this value to test out other permissions, it can be set in application-local.yaml.

If you have not created one, run:

touch backend/src/main/resources/application-local.yaml

Organization roles can be set by adding the following to application-local.yaml:

simple-report:
  demo-users:
    default-user:
      authorization:
        granted-roles: ADMIN

Support admin

Support admins can access the /admin paths and support admin APIs.

Make support admin via Okta

You can make your user a support admin by assigning yourself the SR-DEV-ADMINS group in Okta Preview.

Make support admin locally without Okta

You can make the default user a site admin by adding the following to application-local.yaml:

simple-report:
  demo-users:
    site-admin-emails:
      - [email protected]