[Building Sakai] Few questions about Sakai realms

John Leasia jleasia at umich.edu
Fri May 22 05:49:02 PDT 2009 

There is information here
http://bugs.sakaiproject.org/confluence/display/DOC/Sys+Admin+Guide
that might help.

Some comments below -
John

Am Khan wrote:

> Hi,
>
>  
>
>  
>
> We are excited about using Sakai and I am trying to move forward by 
> upgrading to 2.6.x, setting up appropriate roles and templates, and 
> integrating our instance with LDAP.  I am little confused about the 
> Sakai Realms and I would appreciate if anyone can point me to some 
> documentation. 
>
>  
>
> Here are a few things confusing me about Sakai Realms:
>
>    1. !goup.template.course and !goup.template.portfolio realms (How
>       are these realms used?)
>
The first is a template that is given to a group when a group is created 
in a course site - it controls what permissions a role has within the 
scope of a group w/r to tools that are group aware. For example, for a 
particular assignment for GroupX, it specifies that Student role can 
submit. Same for groups made in a site with type portfolio. If you 
create a group in a site with type xxx, and there is no template named 
!group.template.xxx, then the default permissions the group xxx realm 
gets are from !group.template

>
> 2. .anon and .auth for user user relams (I am guessing .auth for 
> authentication, what is .anon?)

.auth is for someone who is authenticated - logged in. .anon is for 
someone who hasn't logged in - anonymous. You can give them various 
permissions to do things -f or example .anons can visit the gateway 
site.  Adam mentions some good cautions in his email.

> 3. maintain role for !user.template.maintain (maintain role for 
> !user.template.maintain is maintain  !#@$?)

users with the account type of maintain get the !user.template.maintain 
realm. This realm is consulted mainly for determining whether the user 
has the 'new' item in their My Workspace > Worksite Setup tool, which 
allows them to create new sites (the site.add permission). You don't 
want to turn on other permissions in that realm. So for example, here at 
UM we have 'guest' accounts for non-UM affiliated users. There is a 
!user.template.guest realm, and the site.add permission is not checked 
because we don't give them the ability to create new sites. For our 
affiliated with UM accounts, we do have site.add checked (for the .auth 
role in that template).

      <>  4. !pubview, !site.template, !site.helper (How are these
      realms used?) 

!pubview -  certain tools (announcements, resources, syllabus) let you 
specify the content as public if you want. This realm controls what 
users can do who are viewing that content (which you can see from the 
Site Browser tool that you might put on your gateway page - which lets 
you browse sites, and see a listing of sites along with links to any 
content from the tools mentioned above that has been made public). I 
wouldn't think you'd want anything but the 'view' permissions check - so 
that they only have read permissions.

!site.template - when a site is created, it gets a default set of 
roles/permissions. If the site has a corresponding template, then it 
gets defaults from that template. If there is no corresponding template, 
it gets defaults from !site.template. A 'corresponding' template is one 
that is named for the site type - e.g., !site.template.project, 
!site.template.course, !site.template.<sitietype>

!site.helper - sometimes you want to 'spread' a permission for a 
particular role through every site. If you check a permission on in the 
site.helper realm for a particular role, then for *every* site with that 
role in the system, that role will then have that permission. You can't 
remove it from the permission screens in the tool either. Kind of a 
emergency plug - there are scripts folks have developed that might be 
better when you need to backfill existing realms with a particular 
permission.

>  
>
> I also have a few more questions:
>
>  
>
> 5. Currently our Sakai instance (Sakai 2.4) is not integrated with 
> LDAP and I have to remove about 150 users.  Can I just delete them 
> from Sakai_user and Skai_user_id_map tables?

You could do that, but it leaves other things dangling out there - their 
my workspace for example, content they may have loaded there, other 
things. I believe there are scripts out there to do some of these things 
I believe.

> 6. What are the implications of setting up a course site; is there any 
> automatic change to the site after the academic term passes?

There are no automatic changes made that are part of Sakai. A site 
remains until it is deleted or changed.

>  
>
> Thanks and regards
>
> Am Khan
>
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>sakai-dev mailing list
>sakai-dev at collab.sakaiproject.org
>http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
>TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20090522/bf7dfb9c/attachment.html

More information about the sakai-dev mailing list