source: main/waeup.kofa/trunk/docs/source/userdocs/security.rst @ 12839

Last change on this file since 12839 was 12829, checked in by Henrik Bettermann, 10 years ago

Add sections to userdocs.

File size: 3.4 KB
.. _security_policy:

Security
********

Kofa has a very efficient security machinery. The machinery does not perform authorization checks on the content objects themselves stored in the database but restricts the usage of views, i.e. web pages and forms which are needed to view or edit data. Views are protected by permissions the user must have to use the view. Instead of assigning permissions separately to users, permissions are bundled into sets of permissions, so-called roles, which can be assigned to users through the web interface.

It is important to note that permissions do not include other permissions. Only roles 'include' permissions. A 'manage' permission, for example, does not automatically enable users to open pages which merely display the data. These pages have their own 'view' permission. Another example is the ManagePortal permission described below. The name of the permission may suggest that users with this permission can do everything. This is not true. It only gives access to certain pages which are dedicated to portal managers and must not be accessed by any other user.

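The rule that permissions never include other permissions can be modelled in a few lines of plain Python. This is an added example, not Kofa code: the permission names are taken from this page, while the roles, users, view names and the Manage/View name pairing used by the audit function are assumptions made for the illustration.

```python
# Added illustration: a toy model of view-level authorization, not Kofa code.
# Permission names are class names listed on this page; the roles, users and
# view names are constructed for the example.

# Each view requires exactly one permission.
VIEW_REQUIRES = {
    "academics_index": "ViewAcademics",     # read-only page (hypothetical)
    "academics_manage": "ManageAcademics",  # edit form (hypothetical)
    "portal_admin": "ManagePortal",         # portal manager page (hypothetical)
}

# Roles are flat sets of permissions; nothing is inherited or implied.
ROLES = {
    "ExampleEditor": {"ManageAcademics"},  # view permission was forgotten
    "ExampleOfficer": {"ViewAcademics", "ManageAcademics"},
    "ExamplePortalAdmin": {"ManagePortal"},
}

USER_ROLES = {
    "alice": {"ExampleEditor"},
    "bob": {"ExampleOfficer"},
    "carol": {"ExamplePortalAdmin"},
}


def permissions_of(user):
    """Union of the permissions of all roles assigned to the user."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLES[role]
    return perms


def can_use_view(user, view):
    """A view is usable only if the user holds its exact permission."""
    return VIEW_REQUIRES[view] in permissions_of(user)


def manage_without_view(roles):
    """Audit: roles granting ManageX without the matching ViewX permission."""
    known = set(VIEW_REQUIRES.values())
    findings = {}
    for name, perms in roles.items():
        wanted = {"View" + p[len("Manage"):] for p in perms if p.startswith("Manage")}
        missing = sorted((wanted & known) - perms)
        if missing:
            findings[name] = missing
    return findings
```

In this model ``alice`` can open the edit form but not the read-only page, and ``carol`` cannot reach the academics pages at all despite holding ManagePortal; ``manage_without_view(ROLES)`` reports the role that caused the first gap.
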
.. contents::

Permissions
===========

The whole set of permissions and roles is described in the :py:mod:`Permissions and Roles Module<waeup.kofa.permissions>`. Here we describe only a subset of permission classes which are crucial to configure the security settings properly.

General Permissions
-------------------

.. autoclass:: waeup.kofa.permissions.Public
   :noindex:

.. autoclass:: waeup.kofa.permissions.Anonymous
   :noindex:

.. autoclass:: waeup.kofa.permissions.Authenticated
   :noindex:

.. autoclass:: waeup.kofa.permissions.ManageUsers
   :noindex:

.. autoclass:: waeup.kofa.permissions.EditUser
   :noindex:

.. autoclass:: waeup.kofa.permissions.ManagePortal
   :noindex:

.. autoclass:: waeup.kofa.permissions.ViewAcademics
   :noindex:

.. autoclass:: waeup.kofa.permissions.ManageAcademics
   :noindex:

.. autoclass:: waeup.kofa.permissions.ManagePortalConfiguration
   :noindex:

.. autoclass:: waeup.kofa.permissions.ManageDataCenter
   :noindex:

.. autoclass:: waeup.kofa.permissions.ExportData
   :noindex:

.. autoclass:: waeup.kofa.permissions.ImportData
   :noindex:

Student Section Permissions
---------------------------

.. autoclass:: waeup.kofa.permissions.ShowStudents
   :noindex:


Global Roles
============

Global or site roles are assigned portal-wide. In contrast to local roles, users have these roles in every context.

Many global roles bundle only one or two permissions. The objective is to share responsibilities and distribute tasks.

The highly specialized roles are:

.. autoclass:: waeup.kofa.permissions.AcademicsOfficer
   :noindex:

.. autoclass:: waeup.kofa.permissions.AcademicsManager
   :noindex:

.. autoclass:: waeup.kofa.permissions.DataCenterManager
   :noindex:

.. autoclass:: waeup.kofa.permissions.ImportManager
   :noindex:

.. autoclass:: waeup.kofa.permissions.ExportManager
   :noindex:

.. autoclass:: waeup.kofa.permissions.ACManager
   :noindex:

.. autoclass:: waeup.kofa.permissions.UsersManager
   :noindex:

.. autoclass:: waeup.kofa.permissions.WorkflowManager
   :noindex:

In contrast to these specialized sets of permissions, there are two sets which delegate extensive powers to portal managers.

.. autoclass:: waeup.kofa.permissions.PortalManager
   :noindex:

.. autoclass:: waeup.kofa.permissions.CCOfficer
   :noindex:

Local Roles
===========

Dynamic Roles
=============