Permalink: https://doc.oneportal.fi/x/D4EW
Note (starting version 3.0): In the future, System and Custom Roles will be merged into just Roles. The new schema is shown at the end of this page.
onePortal™ Trivore Identity Service (TIS) utilises role-based access control. In practice, this means that the selections you see in the Main Menu depend on the roles assigned at any particular time. There are about 30 different pre-defined roles. Each user account may have several roles. What one can do in onePortal™ TIS is determined by the assigned Roles (and the Permissions tied to those Roles).
onePortal™ TIS has two role classes: built-in System Roles and flexible Custom Roles. System Roles have two permission levels, Admin and Auditor, which are reflected in the role names. An Admin may administrate and manage; an Auditor may view.
...
For a comprehensive picture of how RBAC is implemented in onePortal™ TIS, please see the image below.
...
Developer is another special role. It is reserved for application developers. Developers may manage Management API clients and OpenID Connect clients. Those are external applications utilising the onePortal™ TIS platform. The onePortal™ API Guide (Doc ID 1001-188P) explains it in more detail.
...
A role is a management unit in onePortal™ TIS. Roles are preferably assigned to user groups, but may still be assigned to user accounts directly. This direct assignment is being phased out in a future release. Looking at roles more closely, there is an additional concept tightly related to a role, namely a permission. A permission is a detailed item. There are hundreds of permissions in onePortal™ TIS, each allowing a certain small thing to be done. If a permission is missing (example: list user accounts), the signed-in user account is not able to do any task which requires that permission.
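The following is an added example, not part of the onePortal™ TIS documentation or product code: a small Python model of the relationship described above, resolving an account's permissions from group-assigned and directly assigned roles, denying any task whose permission is missing, and listing roles held only by direct assignment (the ones to move to a group before direct assignment is phased out). The role names, the permission "modify user accounts", the sample accounts and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed catalogue: role names and "modify user accounts" are illustrative.
ROLE_PERMISSIONS = {
    "User Admin": {"list user accounts", "modify user accounts"},
    "User Auditor": {"list user accounts"},
}

@dataclass
class Group:
    name: str
    roles: set = field(default_factory=set)

@dataclass
class Account:
    name: str
    groups: list = field(default_factory=list)
    direct_roles: set = field(default_factory=set)  # assignment style being phased out

def group_roles(account):
    """Roles the account inherits through its user groups."""
    return set().union(*(g.roles for g in account.groups))

def effective_permissions(account):
    """Permissions carried by every role held, via groups or directly."""
    perms = set()
    for role in group_roles(account) | account.direct_roles:
        perms |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
    return perms

def is_allowed(account, permission):
    """Deny by default: the task runs only if some held role carries the permission."""
    return permission in effective_permissions(account)

def direct_only_roles(account):
    """Roles held only by direct assignment, i.e. lost if that assignment is removed."""
    return account.direct_roles - group_roles(account)

# Constructed sample accounts.
auditors = Group("auditors", {"User Auditor"})
alice = Account("alice", groups=[auditors])
bob = Account("bob", groups=[auditors], direct_roles={"User Admin"})
carol = Account("carol")

if __name__ == "__main__":
    for acct in (alice, bob, carol):
        print(acct.name, sorted(effective_permissions(acct)), sorted(direct_only_roles(acct)))
```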
...