-
Notifications
You must be signed in to change notification settings - Fork 10
Access control
RSDB manages access rights based on user account roles. Each user account possesses a list of named roles.
RSDB layers have lists of roles. If roles of an user account match one role of a layer, access is granted for that user and layer.
Layers have three types of role lists:
| Layer role list | Access | Privileges |
|---|---|---|
| read | Layer and contained data can be accessed but not modified. | least access rights |
| modify | In addition to read roles, data can be modified. | more access rights |
| owner | In addition to modify roles, lists of read and modify roles can be changed. | most access rights |
The special role admin allows any type of access (all access rights). So, if an user account possesses the admin role, it is allowed everything. In particular admin role is allowed to change owner role lists of layers.
In addition to the custom role list of each user account, the role named after the user name is included for each user account. So, if a layer contains a role named same as a user account name the that accoun is granted access to that layer.
| Built-in role | Access | Privileges |
|---|---|---|
| admin | Layer and contained data can be accessed but not modified. | all access rights |
| (user name) | Roles of same name can be used in layer role lists. | role |
For new created layers, the owner of the user name role is set. If the new created layer is derived from another layer, in addition, read and modify roles of the other layer are copied.