Users and Roles
A user account is defined by a log-in name and password, and has a set of access rights associated with it. Users access MobileTogether Server for administrative purposes or as client end users.
Access rights are determined by the privileges a user is granted. A user receives privileges in the following ways: (i) privileges inherited from roles the user is a member of, (ii) privileges assigned directly to the user. A role is defined by a set of privileges. A role is either assigned privileges directly and/or inherits the privileges of another role that it is a member of. Privileges themselves are access rights to the various administrative functions and services of MobileTogether Server. Examples of privileges are: the right to manage server settings, to set a user's own password, to run simulations on the server.
Through the use of roles, user privileges can be defined in a hierarchical way. For example, the role of SimpleAdmin role could allow the privilege, Manage server settings. If AdvancedAdmin is a member of SimpleAdmin, it inherits the management of server settings, and could additionally be assigned the privilege, Maintain users, roles and privileges. The hierarchical chain can then be further extended. For a list of privileges, see Available Privileges.
A user is defined by a name-and-password combination. Users access MobileTogether Server in two ways:
•Web UI access: The Web UI is the administrative interface of MobileTogether Server. Logging in to the Web UI requires a name-and-password combination; it is therefore done as a user.
•Service interface: The HTTP service interface exposes MobileTogether Server services, typically to the MobileTogether Client app on a mobile device. A user accesses the service interface by using a name-and-password combination. The services exposed relate typically to access to MobileTogether solutions and their related data.
Two special users are predefined:
A privilege is an activity that a user is allowed to carry out. There is a fixed number of MobileTogether Server privileges, and a user can be assigned zero to all of the available privileges. It is, however, good practice to assign privileges via roles (see next section), rather than to assign privileges directly to the user. The assigning of privileges and roles to a user is done by a user that has been assigned this privilege. Initially, it is root user that has this privilege.
The screenshot below shows all the available privileges.
The tab Users and Roles | Reports | Privileges Report provides a list of all privileges, with each privilege being listed together with all the users/roles that have that privilege.
A role defines a set of privileges. It can be assigned to another role or to a user. A role's privileges automatically become the privileges of any other role or any user that the role is assigned to. A user can be assigned any number of roles. As a result, a user will have all the privileges defined in the multiple assigned roles.
The following roles are predefined:
•authenticated is automatically assigned to every user except anonymous. So a user with a name-and-password is assigned the authenticated role.
•all is automatically assigned to every user including anonymous.
•workflow-designer is assigned to users that design workflows in MobileTogether Designer. This role allows a user to open and save workflows, as well as to run a simulation on the server.
•workflow-user is assigned to users running the workflow on a mobile device. This role allows the user to access the service interface without needing to log in to the server and start the solution on the client.
•admin has all available privileges and is intended for users that are to function as administrators.