Changeset 12847 for main/waeup.kofa/trunk/docs
- Timestamp:
- 3 Apr 2015, 17:45:48 (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
main/waeup.kofa/trunk/docs/source/userdocs/security.rst
r12844 r12847 13 13 =========== 14 14 15 The whole set of permission s and roles are described in the :py:mod:`Permissions and Roles Module<waeup.kofa.permissions>`. Here we describe only a subset of permission classes which are essential for the security settings configuration.15 The whole set of permission and role classes are described in the :py:mod:`Permissions and Roles Module<waeup.kofa.permissions>`. Here we describe only a subset of permission classes which are essential for the security settings configuration. 16 16 17 17 General Permissions … … 130 130 Many global roles do only bundle one or two permissions. The objective behind is to share responsibilities and distribute tasks. 131 131 132 Global roles are being assigned via the user manage form page. 133 132 134 Global General Roles 133 135 -------------------- … … 171 173 -------------------------------- 172 174 175 Global Application Section Roles are assigned portal-wide (globally) but do actually only allocate permissions in the Application Section. 176 173 177 .. autoclass:: waeup.kofa.applicants.permissions.ApplicantRole() 174 178 :noindex: … … 183 187 ---------------------------- 184 188 189 Global Student Section Roles are assigned portal-wide (globally) but do actually only allocate permissions in the Student Section. 190 185 191 .. autoclass:: waeup.kofa.students.permissions.StudentRole() 186 192 :noindex: … … 201 207 :noindex: 202 208 203 Local Roles 204 =========== 205 206 Dynamic Roles 207 ============= 209 Local Roles and Dynamic Role Assignment 210 ======================================= 211 212 In contrast to global roles, which are assigned portal-wide, local role permissions are gained for a specific context. 213 214 Some local roles serve a second purpose. At first glance it appears strange that some of these 'odd' roles do not give more permissions than the user already has due to other roles. Their real purpose is to delegate permissions to the students or application section. If a user has for example the LocalStudentsManager role described below at department level, s/he automatically gets the StudentsManager role for those students studying in this department. We call this a **dynamic role**. In contrast to static global or local roles, dynamic roles are not stored in the database, they are dynamically assigned. 215 216 Local roles are assigned either automatically by the system during user object setup or manually through the web interface. The automatically assigned local roles are: 217 218 .. autoclass:: waeup.kofa.permissions.Owner() 219 :noindex: 220 221 .. autoclass:: waeup.kofa.applicants.permissions.ApplicationOwner() 222 :noindex: 223 224 .. autoclass:: waeup.kofa.students.permissions.StudentRecordOwner() 225 :noindex: 226 227 All other local roles must be assigned manually via context manage form pages. 228 229 .. autoclass:: waeup.kofa.permissions.ApplicationManager() 230 :noindex: 231 232 .. autoclass:: waeup.kofa.permissions.DepartmentOfficer() 233 :noindex: 234 235 .. autoclass:: waeup.kofa.permissions.DepartmentManager() 236 :noindex: 237 238 .. autoclass:: waeup.kofa.permissions.Lecturer() 239 :noindex: 240 241 The following local roles do also delegate permissions to the student section. In other words, dynamic roles are assigned. 242 243 .. autoclass:: waeup.kofa.permissions.ClearanceOfficer() 244 :noindex: 245 246 .. autoclass:: waeup.kofa.permissions.LocalStudentsManager() 247 :noindex: 248 249 .. autoclass:: waeup.kofa.permissions.LocalWorkflowManager() 250 :noindex: 251 252 .. autoclass:: waeup.kofa.permissions.UGClearanceOfficer() 253 :noindex: 254 255 .. autoclass:: waeup.kofa.permissions.PGClearanceOfficer() 256 :noindex: 257 258 .. autoclass:: waeup.kofa.permissions.CourseAdviser100() 259 :noindex:
Note: See TracChangeset for help on using the changeset viewer.