...
As of December 2021 we now use a custom Profile attribute to manage user permissions.
To grant a user access to the applications
From the Okta admin page, to to Directory → People
Find and click on the user
Click the Groups tab, then search for the group “UKRDC”
Click the UKRDC group, and it should be assigned to that user
| Note |
|---|
Adding a user to the UKRDC group will grant them access to log into the UKRDC web application, but without also granting resource permissions they won’t be able to access any data. See below. |
To grant a user permissions to specific resources
...
To grant a user permissions to specific resources
As in the previous section, most users have their UKRDC permissions set by role groups. To reconfigure permissions associated with role groups, see the link below
...
Assign custom permissions to a user
| Note |
|---|
Warning: If the user is a member of a role group, that will override any custom permissions. Permissions are reset periodically to match the users role group. |
From the Okta admin page, to to Directory → People
Find and click on the user
Click the Profile tab, then click Edit
At the bottom of the page, assign both UKRDC Permissions, and UKRDC Units
...
| Info |
|---|
Any user with at least Read Records permissions will automatically be added to the UKRDC group, granting them access to log into the Live UKRDC web interface. |
Modifying available permissions/units
| Warning |
|---|
This should only be used by developers when adding a new permission type to the API, e.g. managing access to an entirely new category of resource/data |
From the Okta admin page, to to Directory → Profile Editor
Edit the User (default) profile template
Scroll down and edit (pencil icon) UKRDC Permissions or UKRDC Units
Add any extra items to Attribute Members
Note: The ‘value’ is what will get added to acces tokens. Display Name is just for the profile editor.
...