Ignore:
Timestamp:
3 Apr 2015, 17:45:48 (10 years ago)
Author:
Henrik Bettermann
Message:

Update security documentation.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • main/waeup.kofa/trunk/docs/source/userdocs/security.rst

    r12844 r12847  
    1313===========
    1414
    15 The whole set of permissions and roles are described in the :py:mod:`Permissions and Roles Module<waeup.kofa.permissions>`. Here we describe only a subset of permission classes which are essential for the security settings configuration.
     15The whole set of permission and role classes are described in the :py:mod:`Permissions and Roles Module<waeup.kofa.permissions>`. Here we describe only a subset of permission classes which are essential for the security settings configuration.
    1616
    1717General Permissions
     
    130130Many global roles do only bundle one or two permissions. The objective behind is to share responsibilities and distribute tasks.
    131131
     132Global roles are being assigned via the user manage form page.
     133
    132134Global General Roles
    133135--------------------
     
    171173--------------------------------
    172174
     175Global Application Section Roles are assigned portal-wide (globally) but do actually only allocate permissions in the Application Section.
     176
    173177.. autoclass:: waeup.kofa.applicants.permissions.ApplicantRole()
    174178   :noindex:
     
    183187----------------------------
    184188
     189Global Student Section Roles are assigned portal-wide (globally) but do actually only allocate permissions in the Student Section.
     190
    185191.. autoclass:: waeup.kofa.students.permissions.StudentRole()
    186192   :noindex:
     
    201207   :noindex:
    202208
    203 Local Roles
    204 ===========
    205 
    206 Dynamic Roles
    207 =============
     209Local Roles and Dynamic Role Assignment
     210=======================================
     211
     212In contrast to global roles, which are assigned portal-wide, local role permissions are gained for a specific context.
     213
     214Some local roles serve a second purpose. At first glance it appears strange that some of these 'odd' roles do not give more permissions than the user already has due to other roles. Their real purpose is to delegate permissions to the students or application section. If a user has for example the LocalStudentsManager role described below at department level, s/he automatically gets the StudentsManager role for those students studying in this department. We call this a **dynamic role**. In contrast to static global or local roles, dynamic roles are not stored in the database, they are dynamically assigned.
     215
     216Local roles are assigned either automatically by the system during user object setup or manually through the web interface. The automatically assigned local roles are:
     217
     218.. autoclass:: waeup.kofa.permissions.Owner()
     219   :noindex:
     220
     221.. autoclass:: waeup.kofa.applicants.permissions.ApplicationOwner()
     222   :noindex:
     223
     224.. autoclass:: waeup.kofa.students.permissions.StudentRecordOwner()
     225   :noindex:
     226
     227All other local roles must be assigned manually via context manage form pages.
     228
     229.. autoclass:: waeup.kofa.permissions.ApplicationManager()
     230   :noindex:
     231
     232.. autoclass:: waeup.kofa.permissions.DepartmentOfficer()
     233   :noindex:
     234
     235.. autoclass:: waeup.kofa.permissions.DepartmentManager()
     236   :noindex:
     237
     238.. autoclass:: waeup.kofa.permissions.Lecturer()
     239   :noindex:
     240
     241The following local roles do also delegate permissions to the student section. In other words, dynamic roles are assigned.
     242
     243.. autoclass:: waeup.kofa.permissions.ClearanceOfficer()
     244   :noindex:
     245
     246.. autoclass:: waeup.kofa.permissions.LocalStudentsManager()
     247   :noindex:
     248
     249.. autoclass:: waeup.kofa.permissions.LocalWorkflowManager()
     250   :noindex:
     251
     252.. autoclass:: waeup.kofa.permissions.UGClearanceOfficer()
     253   :noindex:
     254
     255.. autoclass:: waeup.kofa.permissions.PGClearanceOfficer()
     256   :noindex:
     257
     258.. autoclass:: waeup.kofa.permissions.CourseAdviser100()
     259   :noindex:
Note: See TracChangeset for help on using the changeset viewer.