The Role Service creates and manages user roles in the system. A role is a set of policies that define the privileges to perform actions under specified conditions, e.g. depending on the state of the object being acted on. A user's privileges are defined by the roles granted to that user.

Additionally, each eSciDoc role has a scope that specifies the resource objects for which the role is defined. When a request to perform an action on a resource object is authorized, a role's policies are evaluated only if that object lies within the role's scope; otherwise the role's policies are skipped and contribute nothing to the decision.
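The following is an added illustration of the evaluation order described above, written for this page and not eSciDoc's own implementation (which is not shown here). It models a role as a scope predicate plus a list of policies whose conditions depend on object state, and shows that an out-of-scope role is skipped before any of its policies is looked at. The role names, resource types, object states and the deny-by-default outcome when no in-scope policy permits the action are assumptions of this model, not statements about eSciDoc.

```python
"""Simplified model of role-based authorization with per-role scopes.

Illustrative only: this is not eSciDoc's implementation. The role names,
resource types and object states below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Resource:
    id: str
    type: str    # hypothetical resource types: "item", "container"
    state: str   # hypothetical object states: "pending", "in-revision", "submitted", "released"


@dataclass(frozen=True)
class Policy:
    """Permits `actions` on a resource when `condition` holds (e.g. a check on its state)."""
    actions: frozenset
    condition: Callable[[Resource], bool]


@dataclass(frozen=True)
class Role:
    name: str
    in_scope: Callable[[Resource], bool]   # which resource objects the role is defined for
    policies: Tuple[Policy, ...]


def authorize(roles: List[Role], action: str, resource: Resource) -> Tuple[bool, List[str]]:
    """Evaluate the roles granted to a user for one (action, resource) request.

    A role whose scope does not cover the resource is skipped entirely: none of
    its policies is evaluated. Only in-scope roles are consulted. If no policy
    of any in-scope role permits the action, the request is denied (assumed
    deny-by-default for this model). Returns the decision and a trace that
    records how each role was handled.
    """
    trace: List[str] = []
    for role in roles:
        if not role.in_scope(resource):
            trace.append(f"{role.name}: skipped, {resource.id} is out of scope")
            continue
        for policy in role.policies:
            if action not in policy.actions:
                continue
            if policy.condition(resource):
                trace.append(f"{role.name}: permits {action} on {resource.id}")
                return True, trace
            trace.append(f"{role.name}: condition not met for {action} on {resource.id}")
    trace.append("no in-scope policy permits the action: deny")
    return False, trace


# Constructed sample roles (hypothetical names and policies, not eSciDoc's predefined roles).
DEPOSITOR = Role(
    name="Depositor",
    in_scope=lambda r: r.type == "item",          # scope: item objects only
    policies=(
        Policy(frozenset({"update"}), lambda r: r.state in {"pending", "in-revision"}),
        Policy(frozenset({"submit"}), lambda r: r.state == "pending"),
    ),
)

MODERATOR = Role(
    name="Moderator",
    in_scope=lambda r: r.type == "item",          # scope: item objects only
    policies=(
        Policy(frozenset({"release"}), lambda r: r.state == "submitted"),
    ),
)

if __name__ == "__main__":
    requests = [
        ("update", Resource("item:1", "item", "pending")),         # permitted by Depositor
        ("update", Resource("item:2", "item", "released")),        # in scope, but state condition fails
        ("update", Resource("container:1", "container", "pending")),  # out of scope for both roles
        ("release", Resource("item:3", "item", "submitted")),      # permitted by Moderator
    ]
    for action, res in requests:
        decision, trace = authorize([DEPOSITOR, MODERATOR], action, res)
        print(f"{action} {res.id} -> {'PERMIT' if decision else 'DENY'}")
        for line in trace:
            print("   ", line)
```

The trace makes the distinction the text draws visible: for the container request both roles report "out of scope" and no policy condition is ever evaluated, whereas for the released item the Depositor role is in scope, its update policy is evaluated, and the state condition is what fails.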

