Table of Contents |
---|
In this article the process of User Registration for a new user is described from two perspectives: the perspective of the new user, and the perspective of an administrator.
...
- A new user registers, but is not yet able to log in.
- The administrator
- configures (global) roles and (Data Model-specific) permissions for the user,
- enables the user,
- and then the new user is able to log in.
New User
You can visit the home page of a Metadata Exchange instance, for example: https://test.metadata.works
...
Once you've validated your email address you will have access to the system however, you will probably start with a blank catalogue until your administrator gives you access to specific models.
Administrator
When a new user registers, at first he/she will be "disabled", have the global roles "ROLE_USER", and not have Data Model-specific permissions.
User Details and (Global) User Roles
As an administrator, you can look at a (new) user's details and global roles by clicking the "Users" action in the "System" dropdown menu (with the cog icon) in the top-right navigation bar.
...
This takes you to the Spring Security Management Console, where you can search for a user by username, email, and other factors. The search result appears below, and clicking on the username will take you to a page where you can view and edit User Details and (Global) Roles.
User Details
Below is an image of the page showing User Details. This shows/allows you to edit
- The user's username
- The user's password (can only be edited, not viewed)
- The user's email address
- Whether the user is "Enabled"– by default a new user will be disabled. This means he/she will not be able to login until you enable them.
- Whether the account is expired
- Whether the account is locked– you can use this option to lock a user temporarily
- Whether the user's password is expired.
(Global) Roles
Below is an image of the page showing (Global) Roles of the user. By default a new user only has role "ROLE_USER". An explanation of the roles follows.
...
- ROLE_USER: every user has this role.
- ROLE_METADATA_CURATOR: a user with this role has the ability to create a new DataModel.
- ROLE_ADMIN & ROLE_SUPERVISOR: we currently do not distinguish between an administrator and a supervisor as separate entities. Rather they should be considered as one unit. An administrator/supervisor should have both of these roles. This gives them the ability to edit user details, see and edit all DataModels, and generally perform all actions in the system.
- ROLE_REGISTERED & ROLE_STACKTRACE: we do not use these roles currently.
Data Model-Specific Permissions
A user may have Data Model-specific permissions.
...
The entry appears. You can then delete the entry by clicking the "Delete" button.
Recursive Granting
A new feature being developed is the ability to grant permissions to a model AND its imported models.
With this feature the user may select one of three options of how to grant a permission for a model.
- Grant selected permission for selected model and 'read' permission for its imported models. This is recursive so it also grants 'read' for the imported models' imported models, and so on.
- Grant selected permission only for selected model.
- Grant selected permission for selected model and (the same permission) for its imported models. Recursive.
For example, granting "Administration" permission to Cancer Model v3.2.3 also gave "Read" access to all of its imported models.