[Building Sakai] Sakai .auth and .anon Roles

Rafael Morales Gamboa rmorales at suv.udg.mx
Tue Jun 17 08:59:33 PDT 2014 

If you get the URL for a site in Sakai and you try it, Sakai will check 
first if you are a registered user subscribed to the site and, in such a 
case, allow to visit the site according to your role. Otherwise, if you 
are a registered Sakai user not subscribed to the site but this one has 
defined the .auth role, you are allowed to visit the site with the 
permissions given to that role. Finally, if you are not registered in 
Sakai but the site has defined the .anon role, you are allowed to visit 
the site with the permissions given to that role. Otherwise, you are 
denied access to the site.

Hope it is clear enough.

Regards,
Rafael

On 18/05/2014 09:46 a. m., Kurosch Petzold wrote:
> Hey,
>
> sorry for the spam but I got another question could someone please explain
> what the special roles .anon and .auth are used for. I found the following
> definitions at edia (http://sakai.edia.nl/?p=868):
>
>      The .anon role is the internal role for all not logged in users.
>      The .auth role is the internal role for all logged in users who are
> not a member of the site.
>
> But what does that really mean?
>
> Thank you,
> Kurosch
>> Hi,
>>
>> thanks for your reply. That link was really helpful, though I knew most of
>> it already.
>>
>> Please bear with me as there are some stupid understanding issues
>> included.
>>
>> So my questions are:
>> [] First of all there are four models of RBAC in general (Core, Hierarchy,
>> Constraint and Consolidate). Sakais model uses something similar to the
>> core model right?
>>
>> [] RBAC96 hierarchy model (I mean hierarchy part) may be simulated to some
>> extend with syncs between !site.template.course with course sites (updates
>> can be inherited through sync) or through the !site.helper realm
>>
>> [] Is it possible to have admin roles with different permissions? Have an
>> admin without "become user" capability or limited permissions in something
>> like worksite setup -> can only create project sites or site and realm
>> browser with view only functionality? if not is it planned?
>>
>> [] Could you elaborate on the groups part? What are they used for, can the
>> group.* realms override permissions from site.* realms?
>>
>>
>> [] Just out of curiosity who developed that model?
>>
>> Thanks,
>> Kurosch Petzold
>>
>>
>>> It is custom.  Steve wrote up a good page here:
>>> http://steveswinsburg.wordpress.com/2009/05/30/roles-in-sakai-sites/
>>>
>>> Sites have realms; realms contain roles; roles contain permissions.
>>>
>>> Sites also contain groups; groups have their own realm; realms contain
>>> roles; roles contain permissions.
>>>
>>> What specific questions do you have about Sakai's role-based access
>>> control?
>>>
>>>
>>>
>>> On Tue, May 13, 2014 at 12:55 PM, Kurosch Petzold <
>>> kurosch.petzold at fu-berlin.de> wrote:
>>>
>>>> Hello,
>>>>
>>>> is there any detailed documentation available for the role system used
>>>> in
>>>> Sakai. I know it is Role-Based Access Control (RBAC) but there is
>>>> hardly
>>>> any information about any specifics how it is implemented or whether it
>>>> uses RBAC96, NIST model, another model or a custom model.
>>>>
>>>> I would really appreciate any help as I need to document how the
>>>> complete
>>>> role system works for my thesis and it would help us expand our IT
>>>> proceedings documentation.
>>>>
>>>> Best regards,
>>>> Kurosch
>>>>
>>>> _______________________________________________
>>>> production mailing list
>>>> production at collab.sakaiproject.org
>>>> http://collab.sakaiproject.org/mailman/listinfo/production
>>>>
>>>> TO UNSUBSCRIBE: send email to
>>>> production-unsubscribe at collab.sakaiproject.org with a subject of
>>>> "unsubscribe"
>>>>
>>> _______________________________________________
>>> sakai-dev mailing list
>>> sakai-dev at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>
>>> TO UNSUBSCRIBE: send email to
>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>>> "unsubscribe"
>>
>>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to
>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20140617/c753cf05/attachment.html

More information about the sakai-dev mailing list