= Taiwan Authorisation =

== Requirement about Access Control in Eden ==
By Hsiaojan Liu

 * Briefing
   * Access control is able to create and edit
   * Read/write and read only should be separate for each role to each module.
   * For registry users, default access is limited since registry is open to public.
   * Each role is separate and independent. Each user is open to give multiple roles.
   * There are 3 types of confidentiality level for map. Each level is an independent module for role setting.
   * Special access control for “fulfill the request”
 * Requirement – Create and edit role
   * Admin users are able to create role
   * Steps for role creation, all are required
     * Click “create a role” button
     * Name the role. Return error message for existing role name.
     * Check the access for modules by checking the access level, see 2.3.3
  * Role list & Steps for role edition
     * Display as below
|| Role name / Modules || Org || Shelter || RMS || Hospital || Admin    || 
|| Camp Admin          || R   || R/W     || R/W || R        || -        ||
|| Camp Volunteer      || R   || R/W     || R   || -        || -        ||
     * Find the role by searching role name or browsing role list.
     * Module access and read/write or read only is editable. 
     * Click the role name and link to the role editing page as below
----
Role name camp amdin Access control setting 
|| Org      || none  || Read /write || Read only ||
|| Shelter  || none  || Read /write || Read only ||
|| RMS      || none  || Read /write || Read only ||
|| Hospital || none  || Read /write || Read only || 
SAVE   
----
    
  * Requirement – Read/write and read only
    * When the read only is checked for a specific module for a role, the write button should be gray out
    * For a user, read/write is able to rewrite read only from two roles for the same module.
    * Example: If user C has been given role A and role b, user c is able to read and write for module A.

|| Role A || Module A – Read/write ||
||        || Module B – Read only  ||
|| Role B || Module A – Read only  ||
||        || Module B – Read only  || 

  * Requirement – Role and users
    * Admin users is default to read/write for all modules and are able to give roles to each user.
    * User info edit page for each user 
    * Put “user profile” into Edit personal Details page by adding one more tab.
    * Move the dropdown of login out and instead of the link of the user name to Edit personal Details page.
    * Put “Logout” beside user name.  

  * Requirement – Access to Mapping special
    * Three confidentiality level for map, basic map, advanced level, and top level
    * Each level has different layers form Eden map and which will be set by coding.
    * Each level is as a separate module in role creation process.

  * Requirement – OpenID usage
    * OpenID login is enable for both Agasti and Eden of SahanaTW. However, ACL of the account should be applied with openid login.


----
[wiki:Taiwan]

BluePrintAuthorization