...
As of December 2021 we now use a custom Profile attribute to manage user permissions.
To grant a user access to the applications
From the Okta admin page, to to Directory → People
Find and click on the user
Click the Groups tab, then search for the group “UKRDC”
Click the UKRDC group, and it should be assigned to that user
| Note |
|---|
Adding a user to the UKRDC group will grant them access to log into the UKRDC web application, but without also granting resource permissions they won’t be able to access any data. See below. |
To grant a user permissions to specific resources
From the Okta admin page, to to Directory → People
Find and click on the user
Click the Profile tab, then click Edit
At the bottom of the page, assign both UKRDC Permissions, and UKRDC Units
...
Modifying available permissions/units
| Warning |
|---|
This should only be used by developers when adding a new permission type to the API, e.g. managing access to an entirely new category of resource/data |
From the Okta admin page, to to Directory → Profile Editor
Edit the User (default) profile template
Scroll down and edit (pencil icon) UKRDC Permissions or UKRDC Units
Add any extra items to Attribute Members
Note: The ‘value’ is what will get added to acces tokens. Display Name is just for the profile editor.