In SB Auth, we manage users and their access to some of our restricted resources. The system is intended to replace WS Auth, as it integrates with GU X accounts and other eduGAIN identity providers.
This page provides instructions for SB Auth administrators, and is not intended for all SB Auth users to read.
If you need help with giving users access, talk to Herbert.
- A User can have a Grant to a Resource
- The Grant is of a certain Level: READ, WRITE or ADMIN
- Each Resource is of a certain Resource type
- The admin interface is at spraakbanken.gu.se/auth/admin
- Only a few SB Auth administrators have access
- After logging in, you are redirected to spraakbanken.gu.se/auth. This is a bug (sb-auth issue #42). Go to spraakbanken.gu.se/auth/admin again to enter the admin interface
- The interface at spraakbanken.gu.se/auth is open for any authenticated user
- It shows the user's User record and associated Grant records
- When clicking a resource where they have the ADMIN level, they can also see other Users and Grants for that resource
- There is also an Add user button for creating Invites, but this functionality is broken at the moment
As the functionality is still limited and broken, we do not usually inform users about this interface.
Adding access to a user
New users cannot really be added manually, because some values need to be given by their Identity Provider (IdP). Instead, their accounts are created automatically when they authenticate for the first time. This results in a rather awkward workflow, which we intend to fix soon.
- Ask the user to access the restricted content
- The user will be prompted to choose their identity provider (e.g. GU), and then username and password (e.g. X account)
- They will then receive some kind of error because they do not yet have the required permission
- Now you can enter the administration interface and add a new Grant, selecting the User, Resource and Level as needed
- Finally, tell the user to try again
More on the data model
|Stores an identity as provided by an IdP
|Relates a User with a Resource and a Level
|Anything that needs permission management: a dataset, an app...
|The majority right now are Mink corpora which are generated by user activity
|Define access levels
|Closed group, changing these may break services
|Group resources at a high level
|Changing the type of an existing resource may break services
|Let a new user gain access to a selected resource
|Broken atm, see sb-auth issue #32
|Not yet in use