Roles and Claim Types - danmarksmiljoeportal/natur GitHub Wiki
System rights depend on the roles and claim types that you bring along in your access token from your Identity Provider. The following page explains the claim types that are required as well as what roles you need in order to be granted specific rights in the system. The roles mentioned are application roles which may differ from the super roles that you are granted in your IdP. In this case you must ask your system administrator to investigate what application roles that your super roles are transformed into before comparing with the information on this page.
Required Claim Types
| Type | Claim Type | Function |
|---|---|---|
| Unique Account Key | unique_name | Used to uniquely identify your user account |
| Unique Account Name | sub | Used to uniquely identify your user account |
| Roles | role | Used to grant you system rights |
| CVR Number | vat | Used to identify organisation data you can edit |
| User Name | name | Used to show logged in user |
| Used to send you information from system |
Roles
| Name | Rights |
|---|---|
| miljoe_natur_naturdata_sagsbehandler | Access to perform status changes: 10->20, 20->30, 20->10, 30->10 |
| miljoe_natur_naturdata_sagsbehandler_KS | Full access to change activity status |
| miljoe_natur_naturdata_QA | Full access to change activity status |
| miljoe_natur_naturdata_MC | Full access to change activity status |
| miljoe_natur_naturdata_FDC | Full access to change activity status |
| miljoe_natur_ekstern_ks | Full access to change activity status |
| miljoe_natur_indsamlingsformaal_kom | Ability to choose "Indsamlingsformål" options: Kommunal besigtigelse, VVM-analyse, LIFE-projekt m.m., Andre myndighedsdata, Øvrige data |
| miljoe_natur_indsamlingsformaal_stat | Ability to choose "Indsamlingsformål" options: NOVANA, VVM-analyse, LIFE-projekt m.m., Andre myndighedsdata, Øvrige data |
| miljoe_natur_indsamlingsformaal_ekstern | Ability to choose "Indsamlingsformål" options: VVM-analyse, Øvrige data |
| miljoe_natur_indsamlingsformaal_nst | Ability to choose "Indsamlingsformål" options: VVM-analyse, LIFE-projekt m.m., Andre myndighedsdata, Øvrige data |
| miljoe_natur_support_administration | Read only used for support purposes |
| miljoe_natur_naturdata_inventoer | Allows a user to manage inventors within organization |
Super Role Conversion
DMP's Identity Provider actually offers a different set of roles to users - socalled super roles - but these roles are converted to a different set of application roles on time of issuing token. The conversions we are aware of at the current time of writing are:
| Super Role | Application Roles Issued |
|---|---|
| miljoe_natur_ekstern | miljoe_natur_naturdata_sagsbehandler miljoe_natur_naturdata_sagsbehandler_KS miljoe_natur_naturdata_laes miljoe_natur_naturdata_ekstern_KS miljoe_natur_indsamlingsformaal_ekstern miljoe_natur_naturdata_inventoer |
| miljoe_natur_MC | miljoe_natur_naturdata_sagsbehandler miljoe_natur_naturdata_sagsbehandler_KS miljoe_natur_naturdata_laes miljoe_natur_indsamlingsformaal_stat |
| miljoe_natur_konsulent_MC | miljoe_natur_naturdata_laes miljoe_natur_naturdata_sagsbehandler miljoe_natur_indsamlingsformaal_stat |
| miljoe_natur_kom | miljoe_natur_naturdata_sagsbehandler miljoe_natur_naturdata_sagsbehandler_KS miljoe_natur_naturdata_laes miljoe_natur_indsamlingsformaal_kom miljoe_natur_naturdata_inventoer |
| miljoe_natur_konsulent_kom | miljoe_natur_naturdata_laes miljoe_natur_naturdata_sagsbehandler miljoe_natur_indsamlingsformaal_kom |
| miljoe_natur_nst | miljoe_natur_naturdata_sagsbehandler miljoe_natur_naturdata_sagsbehandler_KS miljoe_natur_indsamlingsformaal_nst |
| miljoe_natur_konsulent_nst | miljoe_natur_naturdata_sagsbehandler miljoe_natur_indsamlingsformaal_nst |
| miljoe_natur_ekstern_konsulent | miljoe_natur_naturdata_sagsbehandler miljoe_natur_indsamlingsformaal_ekstern |