[Building Sakai] Sakai .auth and .anon Roles

Alaa NIZAR alaanizar at iihem.ac.ma
Tue Jun 17 09:17:18 PDT 2014


Hi,

I was in need of such a simple explanation.

If you'll excuse me, I want to add that the site owner can modify permissions for all roles associated with his site in almost every tool, not all of them.

Thank you.



-------- Original message --------
From: Rafael Morales Gamboa <rmorales at suv.udg.mx> 
Date: 17/06/2014 16:59 (GMT+00:00)
To: sakai-dev at collab.sakaiproject.org 
Subject: Re: [Building Sakai] Sakai .auth and .anon Roles 

If you get the URL for a site in Sakai and you try it, Sakai will check first if you are a registered user subscribed to the site and, in such a case, allow you to visit the site according to your role. Otherwise, if you are a registered Sakai user not subscribed to the site but this one has defined the .auth role, you are allowed to visit the site with the permissions given to that role. Finally, if you are not registered in Sakai but the site has defined the .anon role, you are allowed to visit the site with the permissions given to that role. Otherwise, you are denied access to the site.

Hope it is clear enough.

Regards,
Rafael

On 18/05/2014 09:46 a. m., Kurosch Petzold wrote:
Hey,

sorry for the spam, but I got another question: could someone please explain
what the special roles .anon and .auth are used for? I found the following
definitions at edia (http://sakai.edia.nl/?p=868):

    The .anon role is the internal role for all not logged in users.
    The .auth role is the internal role for all logged in users who are
    not a member of the site.

But what does that really mean?

Thank you,
Kurosch
Hi,

thanks for your reply. That link was really helpful, though I knew most of
it already.

Please bear with me as there are some stupid understanding issues
included.

So my questions are:
[] First of all, there are four models of RBAC in general (Core, Hierarchy,
Constraint and Consolidate). Sakai's model uses something similar to the
core model, right?

[] RBAC96 hierarchy model (I mean hierarchy part) may be simulated to some
extent with syncs between !site.template.course with course sites (updates
can be inherited through sync) or through the !site.helper realm

[] Is it possible to have admin roles with different permissions? Have an
admin without "become user" capability or limited permissions in something
like worksite setup -> can only create project sites or site and realm
browser with view only functionality? If not, is it planned?

[] Could you elaborate on the groups part? What are they used for, can the
group.* realms override permissions from site.* realms?


[] Just out of curiosity, who developed that model?

Thanks,
Kurosch Petzold


It is custom.  Steve wrote up a good page here:
http://steveswinsburg.wordpress.com/2009/05/30/roles-in-sakai-sites/

Sites have realms; realms contain roles; roles contain permissions.

Sites also contain groups; groups have their own realm; realms contain
roles; roles contain permissions.

What specific questions do you have about Sakai's role-based access
control?



On Tue, May 13, 2014 at 12:55 PM, Kurosch Petzold <
kurosch.petzold at fu-berlin.de> wrote:

Hello,

is there any detailed documentation available for the role system used in
Sakai? I know it is Role-Based Access Control (RBAC), but there is hardly
any information about any specifics of how it is implemented or whether it
uses RBAC96, NIST model, another model or a custom model.

I would really appreciate any help as I need to document how the complete
role system works for my thesis and it would help us expand our IT
proceedings documentation.

Best regards,
Kurosch

_______________________________________________
production mailing list
production at collab.sakaiproject.org
http://collab.sakaiproject.org/mailman/listinfo/production

TO UNSUBSCRIBE: send email to
production-unsubscribe at collab.sakaiproject.org with a subject of
"unsubscribe"

_______________________________________________
sakai-dev mailing list
sakai-dev at collab.sakaiproject.org
http://collab.sakaiproject.org/mailman/listinfo/sakai-dev

TO UNSUBSCRIBE: send email to
sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
"unsubscribe"






-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean.
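
The lookup order described in Rafael's message, combined with the "realms contain roles; roles contain permissions" structure from the earlier reply, as an added example that is not part of the original thread and is not Sakai's own code. It is a simplified Python model: `Realm`, `effective_role`, `is_allowed`, `non_member_exposure` and the sample roles, users and permissions are hypothetical names and constructed data, and the last function is a review check for write-type permissions handed to non-members.

```python
from dataclasses import dataclass, field

ANON, AUTH = ".anon", ".auth"  # special role names from the thread

@dataclass
class Realm:
    roles: dict = field(default_factory=dict)    # role name -> set of permissions
    members: dict = field(default_factory=dict)  # user id -> role name

def effective_role(realm, user_id):
    """Role a visitor gets, or None if denied. user_id is None when not logged in."""
    if user_id is not None:
        if user_id in realm.members:      # 1. subscribed member: own role
            return realm.members[user_id]
        if AUTH in realm.roles:           # 2. registered non-member: .auth, if defined
            return AUTH
        return None
    if ANON in realm.roles:               # 3. not registered: .anon, if defined
        return ANON
    return None                           # 4. otherwise denied

def is_allowed(realm, user_id, permission):
    role = effective_role(realm, user_id)
    return role is not None and permission in realm.roles.get(role, set())

def non_member_exposure(realm, read_only):
    """Permissions granted to .auth/.anon that fall outside a read-only allowlist."""
    found = {}
    for role in (AUTH, ANON):
        extra = realm.roles.get(role, set()) - set(read_only)
        if extra:
            found[role] = sorted(extra)
    return found

def sample_realm():
    # Constructed sample data; role and permission names are illustrative.
    return Realm(
        roles={
            "maintain": {"site.visit", "site.upd", "content.read", "content.new"},
            "access": {"site.visit", "content.read"},
            AUTH: {"site.visit", "content.read", "content.new"},
        },
        members={"alice": "maintain", "bob": "access"},
    )

if __name__ == "__main__":
    realm = sample_realm()
    for who in ("alice", "bob", "carol", None):
        print(who, effective_role(realm, who), is_allowed(realm, who, "content.new"))
    print(non_member_exposure(realm, {"site.visit", "content.read"}))
```
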
