Deploy Authorization Concept
The authorization concept describes the different roles of the solution, mainly to document what each SW360 role is authorized to do. It does not focus on roles such as moderator; those are described on a separate page for users: role and access model.
SW360 offers two ways to assign roles: access rights can be set on each record individually, or general roles can be set for each user. An SW360 admin can set user roles in the Liferay Users and Roles UI.
The setup admin is the Liferay administrator, who can configure the entire Liferay application, such as which portlets are shown on which page.
The SW360 admin can change all data and promote users to roles with more access rights, such as promoting a user to the role CLEARING_ADMIN. Its use case is to promote users to clearing admins after some time without always asking the site administrator to do this. To enhance the SW360_ADMIN role so that users with this role can promote other users' roles, follow these steps:
- Go to control panel
- Select the Users section
- Go to the subsection Roles
- Select the row for SW360 Admin and select the action Define permissions.
When defining permissions, the idea is to reduce them to the lowest level possible: only allow changing users.
The clearing admin can change all component and release records and project records of the same group.
In addition to the user rights, the security admin can set security vulnerabilities to irrelevant.
In addition to the user rights, the ECC admin can manipulate ECC data.
A user can create, modify and delete all of their own (self-created) records. A user cannot change records of others.
If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes and will be routed for approval to the users who can write this record.
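The write and moderation rules above, modelled as an added example (this is not SW360's own code). Assumptions: the role spellings other than CLEARING_ADMIN and SW360_ADMIN, the record fields, the reading that the "same group" limit applies to project records only, and that every role keeps the user's rights on own records.

```python
from dataclasses import dataclass

# Role names as used in this example; only CLEARING_ADMIN and SW360_ADMIN
# are spelled out on the page, the others are assumed spellings.
USER, CLEARING_ADMIN, ECC_ADMIN, SECURITY_ADMIN, SW360_ADMIN = (
    "USER", "CLEARING_ADMIN", "ECC_ADMIN", "SECURITY_ADMIN", "SW360_ADMIN")

@dataclass(frozen=True)
class User:
    name: str
    role: str
    group: str

@dataclass(frozen=True)
class Record:
    kind: str      # "component", "release" or "project"
    creator: str   # name of the user who created the record
    group: str

def can_write(user: User, record: Record) -> bool:
    if user.role == SW360_ADMIN:          # can change all data
        return True
    if user.name == record.creator:       # own (self-created) records
        return True
    if user.role == CLEARING_ADMIN:
        if record.kind in ("component", "release"):
            return True
        # Assumption: the "same group" limit applies to project records.
        return record.kind == "project" and record.group == user.group
    # ECC and security admins only have user rights on these record kinds.
    return False

def submit_change(user: User, record: Record, all_users: list) -> tuple:
    """Return ("written", []) or ("moderation_request", [approver names])."""
    if can_write(user, record):
        return ("written", [])
    approvers = sorted(u.name for u in all_users if can_write(u, record))
    return ("moderation_request", approvers)

# Constructed sample data, not taken from a real SW360 instance.
USERS = [User("alice", USER, "A"), User("bob", USER, "A"),
         User("carol", CLEARING_ADMIN, "A"), User("dave", CLEARING_ADMIN, "B"),
         User("erin", SW360_ADMIN, "B"), User("frank", SECURITY_ADMIN, "A")]
PROJECT = Record("project", creator="alice", group="A")
COMPONENT = Record("component", creator="alice", group="A")

if __name__ == "__main__":
    for who in USERS:
        print(who.name, who.role, submit_change(who, PROJECT, USERS))
```

In this model a clearing admin from another group gets a moderation request on the project but writes the component directly, which is the difference worth checking when reviewing role assignments.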