Roles and Permissions
Mantik implements role-based access control (RBAC) to manage permissions for access to Mantik projects and to share projects with other users or groups of users.
Project Roles and Permission
For the interaction with a (public/private) Mantik project, five different roles are distinguished in the project settings. The roles can be assigned to individual users, user groups and/or organizations (see also Collaborations). The actions that are allowed to be performed by users of a certain role are summarized in the following table.
Project Role | Description | Rights |
---|---|---|
Guest | A user who visits the project. | Read only. |
Reporter | A user that is part of a project, but not involved in the research. | All of |
Researcher | A user who is doing the research within the project. | All of |
Maintainer | A user who is managing the project. | All of |
Owner | A user who owns the project. | All of |
A Project Member is anybody that is at least a Reporter or has higher privileges. In a private project a Guest does not have access to anything, so the Reporter role is needed for view permissions.
Further Details
Action | Guest | Reporter | Researcher | Maintainer | Owner |
---|---|---|---|---|---|
View project info | ✓ | ✓ | ✓ | ✓ | ✓ |
Update project info | | | | ✓ | ✓ |
View code repositories | ✓ | ✓ | ✓ | ✓ | ✓ |
Add code repository | | | ✓ | ✓ | ✓ |
Update code repository | | | ✓ | ✓ | ✓ |
Delete code repository | | | ✓ | ✓ | ✓ |
View data repositories | ✓ | ✓ | ✓ | ✓ | ✓ |
Add data repository | | | ✓ | ✓ | ✓ |
Update data repository | | | ✓ | ✓ | ✓ |
Delete data repository | | | ✓ | ✓ | ✓ |
View run in repository | ✓ | ✓ | ✓ | ✓ | ✓ |
Add run to repository | | | ✓ | ✓ | ✓ |
Cancel running run | | | ✓ * | ✓ * | ✓ * |
Update run in repository | | | ✓ | ✓ | ✓ |
Delete run from repository | | | ✓ | ✓ | ✓ |
View run schedule | | | ✓ | ✓ | ✓ |
Schedule a run from the repository | | | ✓ | ✓ | ✓ |
Edit a schedule of a run | | | ✓ | ✓ | ✓ |
Delete a schedule of a run | | | ✓ | ✓ | ✓ |
View experiment in repository | ✓ | ✓ | ✓ | ✓ | ✓ |
Add experiment to repository | | | ✓ | ✓ | ✓ |
Update experiment in repository | | | ✓ | ✓ | ✓ |
Delete experiment from repository | | | ✓ | ✓ | ✓ |
View model in repository | ✓ | ✓ | ✓ | ✓ | ✓ |
Add model to repository | | | ✓ | ✓ | ✓ |
Update model in repository | | | ✓ | ✓ | ✓ |
Delete model from repository | | | ✓ | ✓ | ✓ |
Deploy algorithm from repository | | | | ✓ | ✓ |
Deploy model for inference | | ✓ | ✓ | ✓ | ✓ |
Manage role of users/user groups in the project | | | | | ✓ |
Invite users/user groups to the project | | | | | ✓ |
Delete project | | | | | ✓ |
* only possible if also Run Owner (person who starts the run)
Project Role Assignment
As described in detail in Collaborations, the collaboration between users is organized in three hierarchical entities.
User
: Represents a single user.
User Group
: Represents a collection of users.
Organization
: Represents a collection of groups and users.
A User, a User Group and/or an Organization can be assigned to a Project. A Project Role can be assigned to a User, a User Group and/or an Organization.
Note that a User or a User Group can have multiple roles in the same Project at the same time. When this happens, the actual Project Role of the User or User Group is the one with the most rights among the different roles.
Example:
- Alice is a User.
- Alice is a member of the Mantik Project.
- Alice's Project Role at User level is Reporter.
- Alice is a member of the User Group Team Green.
- Team Green is a group assigned to the Mantik Project.
- Team Green's Project Role at User Group level is Maintainer.
- Therefore, Alice's actual Project Role is Maintainer.
In the example, Alice has two Project Roles in the Mantik Project: a Reporter role assigned at the User level and a Maintainer role inherited through membership in the User Group Team Green. Since a Maintainer has more rights than a Reporter, Alice has all rights of a Maintainer for the project.
In most cases, when assigning a Project Role to a User Group or Organization, it is safer to assign a role with few rights, like Reporter or Researcher, while a Project Role with many rights, like Maintainer and Owner, should be assigned at User level.
By assigning a Project to a user, user group or organization together with a role, projects can be shared between users and groups of users, and access can be controlled.
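The following is an added example, not Mantik's own code, of the rule described above: a user's actual Project Role is the highest of the roles received directly or through a User Group or Organization, and Maintainer or Owner rights that arrive only through a group or organization are flagged for review. The data structures and function names are hypothetical, the sample data is constructed, and the example assumes that members of an organization's groups also inherit the organization's role.

```python
from enum import IntEnum

class Role(IntEnum):  # ordered from fewest to most rights, as in the role table
    GUEST = 0
    REPORTER = 1
    RESEARCHER = 2
    MAINTAINER = 3
    OWNER = 4

# Constructed sample data; the structures are hypothetical, not Mantik's API.
GROUP_MEMBERS = {"Team Green": {"alice", "bob"}}
ORG_GROUPS = {"Example Org": {"Team Green"}}
ORG_USERS = {"Example Org": {"carol"}}
ASSIGNMENTS = [  # (level, name, role) for one project
    ("user", "alice", Role.REPORTER),
    ("group", "Team Green", Role.MAINTAINER),
    ("organization", "Example Org", Role.REPORTER),
]

def principals(user):
    """Every (level, name) through which `user` can receive a role."""
    groups = {g for g, members in GROUP_MEMBERS.items() if user in members}
    found = {("user", user)} | {("group", g) for g in groups}
    for org in ORG_GROUPS.keys() | ORG_USERS.keys():
        # Assumption: members of an organization's groups inherit its role.
        in_group = groups & ORG_GROUPS.get(org, set())
        if in_group or user in ORG_USERS.get(org, set()):
            found.add(("organization", org))
    return found

def effective_role(user, assignments=ASSIGNMENTS):
    """Return (role, level, name) of the grant with the most rights, or None."""
    covered = principals(user)
    grants = [(r, lvl, n) for lvl, n, r in assignments if (lvl, n) in covered]
    # On equal roles, report the direct user-level grant as the source.
    return max(grants, key=lambda g: (g[0], g[1] == "user"), default=None)

def inherited_high_privilege(users, assignments=ASSIGNMENTS):
    """Users whose Maintainer/Owner rights come from a group or organization."""
    findings = []
    for user in sorted(users):
        grant = effective_role(user, assignments)
        if grant and grant[0] >= Role.MAINTAINER and grant[1] != "user":
            findings.append((user, grant[0].name, grant[1], grant[2]))
    return findings

if __name__ == "__main__":
    print(effective_role("alice"))
    print(inherited_high_privilege({"alice", "bob", "carol"}))
```
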
Permissions within the collaboration hierarchy
User
User type | Description | Permissions |
---|---|---|
Guest | Visitor of the webapp who is not logged in. | Can create an account. |
User | Logged in on the webapp. | Can create projects, user groups, organizations and update their info. |
Further Details
Action | Guest | User |
---|---|---|
Create new user account | ✓ | |
View own user settings | | ✓ |
Update own user settings | | ✓ |
Delete user account | | ✓ |
User Group
User type | Description | Permissions |
---|---|---|
External User | User who is not part of the user group. | Can create a new user group. |
Member | A member of the user group. | Read rights within the user group. |
Admin | Owner of the user group. | All rights within the user group. |
Further Details
Action | External User | Member | Admin |
---|---|---|---|
Create new group | ✓ | ✓ | ✓ |
View user group info | | ✓ | ✓ |
Update user group info | | | ✓ |
Edit user group settings | | | ✓ |
Delete user group | | | ✓ |
Organizations
User type | Description | Permissions |
---|---|---|
External-User | User who is not part of the organization. | Can create a new organization. |
Member | A member of the organization. | Read rights within the organization. |
Contact | Owner of the organization. | All rights within the organization. |
Further Details
Action | External-User | Member | Contact |
---|---|---|---|
Create a new organization | ✓ | ✓ | ✓ |
View organization info | | ✓ | ✓ |
Update organization info | | | ✓ |
Edit organization settings | | | ✓ |
Delete organization | | | ✓ |