Roles and PermissionsΒΆ

In Mantik a role-based access control (RBAC) is implemented to handle permissions for the access to Mantik projects and to share projects with other users or groups of users.

Project Roles and PermissionΒΆ

For the interaction with a (public/private) Mantik project, five different roles are distinguished in the project settings. The roles can be assigned to individual users, user groups and/or organizations (see also Collaborations). The actions that are allowed to be performed by users of a certain role are summarized in the following table.

Project Role

Description

Rights

Guest

A user who visits the project.

Read only.

Reporter

A user that is part of a project, but not involved in the research.

All of Guest, deploy models for inference, and download model artifacts and its dockerized container.

Researcher

A user who is doing the research within the project.

All of Reporter, and add and update code, data, run, experiment and model repositories.

Maintainer

A user who is managing the project.

All of Researcher and deploy code from a repository for e.g. training, update project info.

Owner

A user who owns the project.

All of Maintainer and change all project settings including manage user/user group roles, invite users/user groups to the project and delete the project.

A Project Member is anybody that is at least a Reporter or has higher privileges. In a private project a Guest does not have access to anything so the Reporter role is needed for view permissions.

Further Details

Action

Guest

Reporter

Researcher

Maintainer

Owner

View project info

βœ“

βœ“

βœ“

βœ“

βœ“

Update project info

βœ“

βœ“

View code repositories

βœ“

βœ“

βœ“

βœ“

βœ“

Add code repository

βœ“

βœ“

βœ“

Update code repository

βœ“

βœ“

βœ“

Delete code repository

βœ“

βœ“

βœ“

View data repositories

βœ“

βœ“

βœ“

βœ“

βœ“

Add data repository

βœ“

βœ“

βœ“

Update data repository

βœ“

βœ“

βœ“

Delete data repository

βœ“

βœ“

βœ“

View run in repository

βœ“

βœ“

βœ“

βœ“

βœ“

Add run to repository

βœ“

βœ“

βœ“

Cancel running run

βœ“ *

βœ“ *

βœ“ *

Update run in repository

βœ“

βœ“

βœ“

Delete run from repository

βœ“

βœ“

βœ“

View run schedule

βœ“

βœ“

βœ“

Schedule a run from the repository

βœ“

βœ“

βœ“

Edit a schedule of a run

βœ“

βœ“

βœ“

Delete a schedule of a run

βœ“

βœ“

βœ“

Schedule a run from the repository

βœ“

βœ“

βœ“

View experiment in repository

βœ“

βœ“

βœ“

βœ“

βœ“

Add experiment to repository

βœ“

βœ“

βœ“

Update experiment in repository

βœ“

βœ“

βœ“

Delete experiment from repository

βœ“

βœ“

βœ“

View model in repository

βœ“

βœ“

βœ“

βœ“

βœ“

Add model to repository

βœ“

βœ“

βœ“

Update model in repository

βœ“

βœ“

βœ“

Delete model from repository

βœ“

βœ“

βœ“

Deploy algorithm from repository

βœ“

βœ“

Deploy model for inference

βœ“

βœ“

βœ“

βœ“

Manage role of users/user groups in the project

βœ“

Invite users/user groups to the project

βœ“

Delete project

βœ“

* only possible if also Run Owner (person who starts the run)

Project Role AssignmentΒΆ

As described in detail in Collaborations, the collaboration between users is organized in three hierarchical entities.

User: Represents a single user.

User Group: Represents a collection of users.

Organization: Represents a collection of groups and users.

A User, a User Group and/or an Organization can be assigned to a Project. A Project Role can be assigned to a User, a User Group and/or an Organization. We note that a User or a User Group can have at the same time multiple roles in the same Project. When this happens the actual Project Role of the User or a User Group is the one with most rights among the different roles.

Example:

  • Alice is a User.

  • Alice is member of the Mantik Project.

  • Alice’s Project Role at User level is Reporter.

  • Alice is a member of the User Group Team Green.

  • Team Green is a group assigned to the Mantik Project.

  • Team Green’s Project Role at User Group level is Maintainer.

  • Therefore, Alice’s actual Project Role is Maintainer.

In the example Alice has two Project Roles in the Mantik Project, a Reporter role assigned at the User level and a Maintainer role inherited by the membership in the User Group Team Green.

Since a Maintainer has more rights than a Reporter, Alice has all rights of a Maintainer for the project.

In most cases when assigning a Project Role to a User Group or Organization, it is safer to assign a role with few rights like Reporter or Researcher. While a Project Role with many rights like Maintainer and Owner should be assigned at User level.

By assigning a `Project’ to a group/user group or organization together with a role, projects can be shared between users and groups of users and the access can be controlled.

Permissions within the collaboration hierarchyΒΆ

UserΒΆ

User type

Description

Permissions

Guest

Visitor of the webapp who is not logged-in.

Can create an account.

User

Logged-in on the webapp.

Can create projects, user groups, organizations and update his info.

Further Details

Action

Guest

User

Create new user account

βœ“

View own user settings

βœ“

Update own user settings

βœ“

Delete user account

βœ“

User GroupΒΆ

User type

Description

Permissions

External User

User who is not part of the user group.

Can create a new user group.

Member

A member of the user group.

Read rights within the user group.

Admin

Owner of the user group.

All rights within in the user group.

Further Details

Action

External User

Member

Admin

Create new group

βœ“

βœ“

βœ“

View user group info

βœ“

βœ“

Update user group info

βœ“

Edit user group settings

βœ“

Delete user group

βœ“

OrganizationsΒΆ

User type

Description

Permissions

External-User

User who is not part of the organization.

Can create a new organization.

Member

A member of the organization.

Read rights within the organization.

Contact

Owner of the organization.

All rights within the organization.

Further Details

Action

External-User

Member

Contact

Create a new organizations

βœ“

βœ“

βœ“

View organization info

βœ“

βœ“

Update organization info

βœ“

Edit organization settings

βœ“

Delete organization

βœ“