John Leasia's Answers to Vishwak Rajgopalan's Questions
I read about roles and realms from the Sakai Installation FAQ. Based on that,
I understand that there are four system-defined roles:
1) Maintain 2) Access 3) .auth 4) .anon
Roles are defined within the scope of a particular worksite. The default roles that worksites have are maintain and access. Each of these has a different matrix of permitted abilities. These roles are found in the !site.template(s) that provide the default set of roles to given sites. Sites can have types, and the site gets the corresponding site.template (so a site of type 'course' gets the !site.template.course roles). These roles are within the scope of a particular site - a user may have maintain role in one site and access role in another.
The .auth and .anon roles are found in the !user.template(s). !user.templates are used to give permissions to users outside the scope of a particular site. If they are logged in (authorized), they get the .auth role for their particular account type. For example, if a user's type is 'registered', when they log in, they get the .auth role in the !user.template.registered. Basically all this is used for is to determine whether a user can create worksites or not (controlled by the site.add permission in the .auth role).
and three possible types that the admin can mention in the "Type" field of
"Users" tool which are:
- Maintain
- Registered
- Guest
Those are the default out of the box in Sakai. You can make more depending on your needs.
1) Why do we need separate maintain and .auth roles as they seem to be similar?
Hopefully explained above.
2) What is the default type that a user is assigned if the admin leaves the
"Type" field blank when creating a new user?
If there is no type (or the type is one that doesn't have a corresponding !user.template.<type>), then the user gets !user.template which means they by default do not have the ability to create worksites.
3) What is the difference between Maintain as a "role" and Maintain as a
"type of account"?
The maintain role is assigned to users within a site. The maintain type on a user account is there for legacy reasons - the new type is 'registered'. An account created by a user with the New Account widget is given the 'registered' type. You might want to change this so by default new users can't create worksites. You could edit the !user.template.registered realm and uncheck site.add. Then, if you wanted to give a particular user the ability to create worksites, you could change their type to maintain.
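
The account-type lookup described in the answers above, modeled as an added example (not part of the original exchange and not Sakai code). Plain dicts stand in for realms; the accounts, the 'contractor' type and the empty guest permission set are constructed assumptions.

```python
# Illustrative model only: plain dicts stand in for Sakai realms.
# Realm contents are constructed sample data, not read from a Sakai instance.

def default_realms():
    """!user.template realms with the .auth role's permission set for each."""
    return {
        "!user.template": {".auth": set()},              # fallback: no site.add
        "!user.template.maintain": {".auth": {"site.add"}},
        "!user.template.registered": {".auth": {"site.add"}},
        "!user.template.guest": {".auth": set()},        # assumption
    }

def user_realm_id(realms, account_type):
    """Pick !user.template.<type>, falling back to !user.template."""
    candidate = f"!user.template.{account_type}" if account_type else None
    return candidate if candidate in realms else "!user.template"

def can_create_site(realms, account_type):
    """A logged-in user may create worksites iff .auth grants site.add."""
    realm = realms[user_realm_id(realms, account_type)]
    return "site.add" in realm.get(".auth", set())

def site_creators(realms, users):
    """Return sorted user ids whose account type lets them create worksites."""
    return sorted(uid for uid, t in users.items() if can_create_site(realms, t))

def harden(realms):
    """Copy the realms and uncheck site.add for 'registered' accounts."""
    hardened = {rid: {role: set(perms) for role, perms in roles.items()}
                for rid, roles in realms.items()}
    hardened["!user.template.registered"][".auth"].discard("site.add")
    return hardened

# Constructed accounts: id -> account type (None = Type field left blank).
USERS = {"alice": "maintain", "bob": "registered", "carol": "guest",
         "dave": None, "erin": "contractor"}  # no template for 'contractor'

if __name__ == "__main__":
    realms = default_realms()
    print("before:", site_creators(realms, USERS))
    print("after: ", site_creators(harden(realms), USERS))
```

Running the same listing before and after a template change shows which accounts gain or lose worksite creation, including accounts with a blank or unmatched type that silently fall back to !user.template.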