Changes

HowTo:Configure Users and User Rights

1,429 bytes added, 13:14, 16 December 2019

=== Login ===

In {{UBIK}}, an account object is called [[Login]], with the system [[MetaClass]] ''LOGIN''. Theoretically, a user can have multiple such login credentials, but normally, you'd have one per user. If there are multiple logins for one user, you can create a custom meta class for the users and link the login objects to them via ~~[[Relation]] or~~ the ''CONSUMER'' [[Reference]] property (see also how to [[HowTo:Relate_Objects]]). You can also create a derivation of the ''LOGIN'' system meta class to add further details for the instances.A login object has the following important properties:* ''LOGINNAME'': The account name* ''DOMAINNAME'': The domain name* ''SYSADMINRIGHTS'': Whether the user has administrator privileges in {{UBIK}} Studio* ''USE_DOMAIN_CREDENTIALS'': Whether to use Active Directory for authentication* ''PASSWORD'': The password* ''CONSUMER'': A link to the person this login is associated with (useful if there are multiple accounts per person) So, the steps to create a login are:# Find the system meta class ''LOGIN'' and drag it into a new bulk editor.# Create a new instance, filling in at least the ''LOGINNAME'', the ''DOMAINNAME'' and the ''PASSWORD''.# Save the new instance.

=== User groups ===

If you have just one group of users (i.e., all the users have the same rights or highly individual rights), it is not necessary to configure groups.

The steps to create and apply a group are:

# Find the system meta class ''USERGROUP'' and drag it into a new bulk editor.

# Create a new instance, filling in the name

# Save the new instance.

# Drag the new group into a relation browser.

# Find the login(s) you want to associate with the group and drag it onto the relation node for ''SYSREL_GROUP_LOGIN'' (relation between groups and logins).

# Save the changes.

<!--

== User rights ==

There is no fully prepared feature for user- or group-specific rights in {{UBIK}}. However, you can customize user rights and their ~~consequences~~execution.

=== Defining rights ===

First, it will be necessary to define what rights there should be. ~~For example~~In general, ~~there could~~ it should be possible to control whether a ~~right~~ user is allowed to ~~see a specific type of object. Or maybe~~view ("read"), ~~the right to see or~~ edit ~~specific properties of an object~~("write"), create and delete data. ~~You~~ Creation and deletion rights can ~~create a meta class for user rights providing meta properties for all~~ be subsumed into the ~~details you might need, maybe even just a name~~right to manipulate ("write") data.

=== Configuring rights ===

~~The next step is~~ So we have the basic definitions for reading and writing. Now we have to ~~assign rights~~ apply them to use-cases, respectively, objects and users~~. If you have user~~ (or better, groups). E.g., ~~the rights~~ if it should be ~~related~~ possible to ~~them. You can even define~~ control the rights ~~as specifically parameterized relation instances between a~~ for editing an object's properties, one could relate the respective user group to the object and a set the right on the relation data object. Then, the group is related to the target object, with the respective right as a property of their relation connection.

=== Evaluating rights ===

Now that we have defined and configured rights, we have to evaluate them. This can happen in many ways,

-->

{{Template:HowTo/Begin}}

NWE

1,606

edits