Previously, we used Okta groups to manage all permissions, with one group per permission. This quickly became unsustainable however as the number of highly granular permissions grew.
As of December 2021 we now use a custom Profile attribute to manage user permissions.
To grant a user access to the applications
/wiki/spaces/SI/pages/2326855681To grant a user permissions to specific resources
As in the previous section, most users have their UKRDC permissions set by role groups. To reconfigure permissions associated with role groups, see the link below
Setting up role groupsAssign custom permissions to a user
Warning: If the user is a member of a role group, that will override any custom permissions. Permissions are reset periodically to match the users role group.
From the Okta admin page, to to Directory → People
Find and click on the user
Click the Profile tab, then click Edit
At the bottom of the page, assign both UKRDC Permissions, and UKRDC Units
Any user with at least Read Records permissions will automatically be added to the UKRDC group, granting them access to log into the Live UKRDC web interface.
Modifying available permissions/units
This should only be used by developers when adding a new permission type to the API, e.g. managing access to an entirely new category of resource/data