Dashboard > SakaiPedia > ... > Sakai 1.5 Worksite Permissions > Account permissions
  SakaiPedia Log In | Signup View a printable version of the current page.  
  Account permissions
 Browse Space
Added by Clay Fenlason, last edited by John Leasia on Apr 13, 2005  (view change)
Labels: 
(None)

(version 1.5 - info provided by Michael Beasley and Nadine Blackwood)

The MyWorkspace, a default worksite given to each user. The admin's My Workspace is configured with special admin tools. Normal user My Workspaces have user tools. Which user tools are determined by the tools in the My Workspace template used to create all normal user My Workspaces. The my workspace template site is the site with site id of !user, named My Workspace. An installation can edit this site to include/exclude whatever tools they want their users to have in their My Workspaces. All users are assigned the "maintain" role in their respective MyWorkspace which gives them edit control over their my workspace.

Permissions for the System Administrator

The system administrator (admin) has access to tools to which no other regular user has access. The admin has tools such as "Users," "Realms," and "Sites" which allows the admin to create, delete, and generally administer these entities. The admin also has privileges and permissions not available to any other user. For example, the admin can see and edit all sites. And when Sakai is first installed, the admin is the only 'pre-installed' account, and is able to create worksites. Once users are added to the system (using the Admin's User tool), any user who is given the user type 'registered', will have the ability to create new sites. A user's type (the type on their account) is set when the user is added, in the Admin User tool.

Permissions for the Non-System Administrator

The ability to create sites for normal users is outside the scope of a particular worksite, and is determined by the type of account. The type determines which realm template the user has, and in the realm template is the control for ability to create sites. The realm template used is !user.template.<type>, where type is the type of account. For example, by default Sakai has a realm template !user.template.registered. That realm has the site.add permission enabled so any user whose account is of type 'registered' will be able to create worksites.

If an account has no type, or a type for which a cooresponding realm template is not found, the !user.template realm is used. The !user.template by default has site.add disabled, so users with no type cannot create worksites.

If you wanted to create a new account type - guest - you could add a !user.template.guest realm by editing (Admin Realm tool) the !user.template.registered realm, copying it to !user.template.guest, and then editing the !user.template.guest to turn on/off the site.add permission as desired.

When an account is created using the New Account tool, it is created with type Registered. By default then, these users have the ability to create new worksites. This could be changed by editing the !user.template.registered realm (Admin Realm tool) and unchecking the site.add permission.

Default Sakai realms include
!user.template (no site.add permission)
!user.template.guest (no site.add permission)
!user.template.registered (site.add permission enabled)
!user.template.maintain (site.add permission enabled)

Note: do not confuse the account type maintain with the role or maintain that may be given a user in a particular site. Account type and role in a worksite server two different purposes.

Comments  (Hide)

User My Workspace sites are created from the !user template upon account creation. Therefore, changes to the template only affect accounts that are created after the change. It is important that the template be concrete prior to account creation, otherwise, it appears that you will manually need to push changes to previously created accounts.

Does anybody know of a convenient way to push !user template changes to user My Workspaces after account creation?

Posted by Jim Pease at May 10, 2005 12:04

Gleaned from sakai-dev, some code to drop user workspaces (mysql syntax) so they get recreated:

– optional: drop all user myWorkspaces, so they get new ones (with new stuff)
delete from SAKAI_SITE_USER where site_id like '~%' and site_id != '~admin';
delete from SAKAI_SITE_TOOL_PROPERTY where site_id like '~%' and site_id != '~admin';
delete from SAKAI_SITE_TOOL where site_id like '~%' and site_id != '~admin';
delete from SAKAI_SITE_PAGE where site_id like '~%' and site_id != '~admin';
delete from SAKAI_SITE where site_id like '~%' and site_id != '~admin';

Posted by Stephen Marquard at Dec 21, 2005 04:36

You can also create different My Workspace templates for different user types, by creating sites named !user.type, e.g. !user.guest

Posted by Stephen Marquard at Dec 21, 2005 05:56
Site running on a free Atlassian Confluence Open Source Project License granted to Sakai Foundation. Evaluate Confluence today.
Powered by Atlassian Confluence, the Enterprise Wiki. (Version: 2.5.5 Build:#811 Jul 25, 2007) - Bug/feature request - Contact Administrators