Role based authorization

Starmind uses a role based authorization approach. A user can have multiple roles which grant access to different parts of the application/API. The roles are applied additively (that means each role defines unique rights, combining roles allows to grant the combined right to a user). Roles can be grouped into User-, Admin- and Technical- roles.

User Roles (Unprivileged)

Role Key Description
User user This is the default role for all users and does not need to be applied specifically. A user is able to create new questions, forward and solve questions and write comments. In addition, a user is able to access other user profiles and top topics within the network.
Manager manager This role allows to access the "Management Cockpit". A Manager can find experts based on topics. He can generate statistics (number of solved questions, average time per question). Whereas all reports do not include any user specific data. In addition, a Manager can identify topics with non or only bad solutions (socalled "Whitespots").
User Limited user_limited This role allows only very limited access to the API until the user has accepted the Data Privacy Agreement (GDPR). Generally means, the user is only allowed to work with his own data.
Preview preview This role allows a user to access features that are still in "Preview" state.

Admin Roles (Privileged)

Role Key Description
Communication Admin communication_admin This role can manage the communication features of a network. He can create, read, delete and update announcement.
Content Admin content_admin This role can manage all the content of a network. He can create, read, delete and update questions, comments and solutions. The name of the original question poser is never disclosed to the Content Manager.
Network Statistics Admin network_statistics_admin This role can download statistics data from the network.
Settings Admin settings_admin This role allows to read and update the network settings.
User Admin user_admin This role allows to add, edit and deactivate users in the network. This role is usually assigned to the Helpdesk of the customer to support the users in first level support.
User Statistics Admin user_statistics_admin This role can download user score statistics from the network.

Technical Roles (Privileged)

Role Key Description
Act On Behalf on_behalf_user The on behalf user has the same rights as a regular user, but he can additionally make all actions in the name of another user. This allows him e.g. to write a solution in the name of another user.
API User api_user The api user may authenticate with the API.
Read only read_only The read-only user can only read questions (including deleted questions).