Previously, we used Okta groups to manage all permissions, with one group per permission. This quickly became unsustainable however as the number of highly granular permissions grew.
As of December 2021 we now use a custom Profile attribute to manage user permissions.
To grant a user access
From the Okta admin page, to to Directory → People
Find and click on the user
Click the Profile tab, then click Edit
At the bottom of the page, assign both UKRDC Permissions, and UKRDC Units
Any user with at least Read Records permissions will automatically be added to the UKRDC group, granting them access to log into the Live UKRDC web interface.
Modifying available permissions/units
From the Okta admin page, to to Directory → Profile Editor
Edit the User (default) profile template
Scroll down and edit (pencil icon) UKRDC Permissions or UKRDC Units
Add any extra items to Attribute Members
Note: The ‘value’ is what will get added to acces tokens. Display Name is just for the profile editor.