# Role-based authorization

Starmind uses a role-based authorization approach. A user can have multiple roles, each granting access to different parts of the application/API. Roles are applied additively: each role defines its own set of rights, and assigning several roles to a user grants the union of those rights. Roles are grouped into User, Admin and Technical roles.

## User Roles (Unprivileged)
Role | Key | Description |
---|---|---|
User | user | This is the default role for all users and does not need to be applied specifically. A user is able to create new questions, forward and solve questions and write comments. In addition, a user is able to access other user profiles and top topics within the network. |
## Admin Roles (Privileged)
Role | Key | Description |
---|---|---|
Communication Admin | communication_admin | This role can manage the communication features of a network. It can create, read, update and delete announcements. |
Content Admin | content_admin | This role can manage all the content of a network. It can create, read, update and delete questions, comments and solutions. The name of the original question poser is never disclosed to the Content Manager. |
Network Statistics Admin | network_statistics_admin | This role can download statistics data from the network. |
Settings Admin | settings_admin | This role allows reading and updating the network settings. |
User Admin | user_admin | This role allows adding, editing and deactivating users in the network. It is usually assigned to the customer's helpdesk so that it can provide first-level support to users. |
User Statistics Admin | user_statistics_admin | This role can download user score statistics from the network. |
## Technical Roles (Privileged)
Role | Key | Description |
---|---|---|
Act On Behalf | on_behalf_user | The on-behalf user has the same rights as a regular user but can additionally perform any action in the name of another user. This allows, for example, writing a solution in the name of another user. |
API User | api_user | The API user may authenticate with the API. |
Read only | read_only | The read-only user can only read questions (including deleted questions). |