Privileges and Roles Explained

Contact: Juliana Pranke (European Spallation Source ERIC)

This section describes how the SPMS administrator can grant/restrict user access to/from any web page generated by SPMS.

Intro to Roles and Privileges

The SPMS is delivered with a set of default system parameters. The person requesting a new SPMS instance would normally be given Conference Administrator rights, thereby becoming the person who has the rights and privileges to do almost any task in SPMS, including assigning privileges to other people.

Database Administrator privilege is normally assigned to Volker Schaa, Christine Petit-Jean-Genaz, the RSC Managers (Matt Arena, Ronny Billen, Takashi Kosuge), plus any other LOC persons as required though care should be taken not to give all privileges to too many persons.

All SPMS Users with specific conference related tasks (e.g. Editor, Registration Manager, SPC members etc.) are grouped into functional roles. Functional roles are assigned privileges. Privileges are mapped to Web pages.

Warning: The most important thing to remember is that any Web page not mapped to a specific privilege is not restricted in any way. Any SPMS user can access the page. It is important not to remove critical pages from a privilege such as the registration maintenance module or the repository administrators' module. Although these links are not generally known to the typical user, leaving them unprotected can lead to serious issues if accessed by malicious persons.

When SPMS is first installed, commonly used mappings of privileges to Web pages are pre-loaded into a conference instance. It is unlikely that you need to change the default setup. However, if you require additional fine-grained access you can remap any Web page to any privilege using the "Web Pages" link.

Every conference administrator must identify a minimum set of users that require privileged access. The most common are SPMS administrators and conference editors.

How to Enable and Restrict Privileges

Beginning at the SPMS left hand side menu click

Overall Database Administration / Privileges, Roles & Users.

This menu reveals four links:

Behind the above links you will find guidance on how to set up/work with all of them.

References

Christine Petit-Jean-Genaz: http://spms.kek.jp/pls/jacowtm2014/agenda.by_session?sid=WEPSR1

Todd Satogata: https://oraweb.cern.ch/pls/jacowtm2015/agenda.full (WEPSIA01_TALK (and WEPSIA02_TALK))