= Taiwan Authorisation =
== Requirement about Access Control in Eden ==
By Hsiaojan Liu

 * Briefing
   * Access control supports creating and editing roles.
   * Read/write and read only are set separately for each role on each module.
   * For registry users, default access is limited since the registry is open to the public.
   * Each role is separate and independent. Each user can be given multiple roles.
   * There are 3 confidentiality levels for the map. Each level is an independent module for role setting.
   * Special access control for “fulfill the request”
 * Requirement – Create and edit role
   * Admin users are able to create roles.
   * Steps for role creation, all are required
     * Click the “create a role” button.
     * Name the role. Return an error message for an existing role name.
     * Check the access for modules by checking the access level, see 2.3.3
   * Role list & steps for role editing
     * Display as below

|| Role name / Modules || Org || Shelter || RMS || Hospital || Admin ||
|| Camp Admin || R || R/W || R/W || R || - ||
|| Camp Volunteer || R || R/W || R || - || - ||

     * Find the role by searching by role name or browsing the role list.
     * Click the role name to go to the role editing page, as below

----
Role name: camp admin

Access control setting
|| Org || none || Read/write || Read only ||
|| Shelter || none || Read/write || Read only ||
|| RMS || none || Read/write || Read only ||
|| Hospital || none || Read/write || Read only ||

SAVE
----

     * Module access, and whether it is read/write or read only, is editable.
 * Requirement – Read/write and read only
   * When read only is checked for a specific module for a role, the write button should be grayed out.
   * For a user with two roles, read/write from one role overrides read only from the other for the same module.
   * Example: If user C has been given role A and role B, user C is able to read and write for module A.

|| Role A || Module A – Read/write ||
|| || Module B – Read only ||
|| Role B || Module A – Read only ||
|| || Module B – Read only ||

 * Requirement – Role and users
   * Admin users default to read/write for all modules and are able to give roles to each user.
   * User info edit page for each user
     * Put “user profile” into the Edit personal Details page by adding one more tab.
     * Move the login dropdown out and replace it with a link from the user name to the Edit personal Details page.
     * Put “Logout” beside the user name.
 * Requirement – Access to Mapping special
   * Three confidentiality levels for the map: basic map, advanced level, and top level
   * Each level has different layers from the Eden map, which will be set by coding.
   * Each level is a separate module in the role creation process.
 * Requirement – OpenID usage
   * OpenID login is enabled for both Agasti and Eden of SahanaTW. However, the ACL of the account should be applied with OpenID login.

----
[wiki:Taiwan] BluePrintAuthorization
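The multiple-role rule in the read/write and read only requirement, together with the duplicate role name error and the admin default, worked through as an added example; it is not part of the original requirement and not Sahana Eden's own code. The names `Access`, `RoleRegistry` and `page_example` are hypothetical, and two behaviours are assumptions: role names compare case-insensitively, and a module left out of a role gets no access.

```python
from enum import IntEnum
# Added example: all names here are hypothetical, not Sahana Eden's own API.
class Access(IntEnum):
    NONE = 0        # "none" or "-" in the role tables
    READ = 1        # "Read only" / "R"
    READ_WRITE = 2  # "Read/write" / "R/W"

class RoleRegistry:
    def __init__(self, modules):
        self.modules = tuple(modules)
        self.roles = {}        # normalised role name -> {module: Access}
        self.assignments = {}  # user -> set of role names
        self.admins = set()    # admin users: read/write on every module

    def create_role(self, name, grants):
        key = name.strip().lower()  # assumption: names compare case-insensitively
        if not key or key in self.roles:
            raise ValueError(f"role name missing or already exists: {name!r}")
        unknown = set(grants) - set(self.modules)
        if unknown:
            raise ValueError(f"unknown modules: {sorted(unknown)}")
        # Assumption: modules not listed in grants get NONE (deny by default).
        self.roles[key] = {m: Access(grants.get(m, Access.NONE)) for m in self.modules}

    def give_role(self, user, name):
        key = name.strip().lower()
        if key not in self.roles:
            raise KeyError(f"no such role: {name!r}")
        self.assignments.setdefault(user, set()).add(key)

    def effective(self, user, module):
        if module not in self.modules:
            raise KeyError(module)
        if user in self.admins:
            return Access.READ_WRITE
        levels = [self.roles[r][module] for r in self.assignments.get(user, ())]
        # Most permissive role wins; a user with no roles gets NONE.
        return max(levels, default=Access.NONE)

    def can_write(self, user, module):
        return self.effective(user, module) == Access.READ_WRITE  # False: write button grayed out

def page_example():
    # Role A / Role B table from the requirement, with user C holding both roles.
    reg = RoleRegistry(["Module A", "Module B"])
    reg.create_role("Role A", {"Module A": Access.READ_WRITE, "Module B": Access.READ})
    reg.create_role("Role B", {"Module A": Access.READ, "Module B": Access.READ})
    reg.give_role("user C", "Role A")
    reg.give_role("user C", "Role B")
    return reg
```

Because the merge takes the most permissive level across roles, removing write access from a user means checking every role the user holds, not only the one being edited.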