[Building Sakai] Sakai realms ???

[Steve Swinsburg]

Hi Phuc,

Let me address some of the user and site realm questions for you:

A User realm such as !user.template.xxxx maps to a user *type*. A user  
in Sakai can have only one type and you can see that in their Account.  
This defines the set of permissions that they can have, ie if they are  
allowed to create a site, change their details etc.

Generally, you should have a !user.template.xxx for each type. Ie if  
you have the user types 'guest' and 'registered', then also have ! 
user.template.guest and !user.template.registered. You can see how the  
end section matches the type. If you do not have a matching one, then  
the permissions in !user.template are used as a fallback.

A similar approach is taken for site types. There are the site  
template realms !site.template.xxx for each site type you have, ie  
project, course etc. Again defaulting to !site.template if no site  
type is defined or none matches.

In each of these realms you can define the roles and permissions. For  
example, in the !site.template.project realm you have two roles,  
access and maintain with different permissions for each. When a site  
is created with that same type (project), it takes a copy of the roles  
and permissions from it's template, ie !site.template.project. You  
then assign users to that site with roles of access or maintain and  
because the permissions have been copied from the template, they get  
those permissions in that site.

It's pretty important to get the permissions right before you start  
creating sites as the roles and permissions are *copied* from the  
template realm, not inherited. There is a !site.helper realm which is  
meant to allow you to extend the set of permissions for a given role,  
but AFAIK the roles must exist in the children sites in the first  
place. I;ve never had much luck with it though.

I have a web service which synchronises roles and permissions from the  
template site to children sites if you need to tweak the permissions  
after they have been created.

Hope that helps address few queries.

cheers,
Steve

---
Steve Swinsburg
Portal Systems Developer
Centre for e-Science
Lancaster University
Lancaster
LA1 4YT

email: s.swinsburg at lancaster.ac.uk
phone: +44 (0) 1524 594870







On 12 May 2009, at 10:51, Phuc Bui wrote:

> Dear all,
> I do not understand clearly about the Sakai realm and role.
> The realm id, such as !user.template.maintain, /content/attachment/,  
> is there any convention to create new realm name?
> 1. What happens if I create new realm like this !user.template.my_name
> 2. What is the difference between the id like !xxx.xxx and /xxx/xxx ?
> 3. When should we create new realm myself ?
> About the role:
> When I create new site, I have the realm like this /site/ 
> 54f3be76-7159-44be-8bf0-61cb73781511, and now I can add new role and  
> assign permission for that role.
> 1. When I create a new role and assign that role to a user, that  
> user cannot see the site. Although earlier he had the role Student  
> and joined the site ?
> 2. When I create a new course site, I have 3 default roles:  
> Instructor, Teacher assistant and Student. If I want a new default  
> role for course site, I add new role to the realm ! 
> site.template.course ?
>
> By the way, would you please show me some articles that tell about  
> Sakai realm and role ?
>
> Thanks for your interest
> Phuc Bui
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org 
>  with a subject of "unsubscribe"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2437 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20090512/1654170c/attachment.bin