Role based admin privilege management
Will be added here very soon. (m² 2021-09-30)Assigning users and admins privileges to book or administer resources one device at a time will get laborious very soon. To ease that pain, Infrabooking has roles that can be assigned to users, and adjusting role based access deploys the corresponding changes to all users who have that role. This is very handy when new branches are added to the resource tree. By default, no-one has rights to book or administer new resource types. An example: When PHYS department admins finally add their time machines to Infrabooking, they can grant user roles 'academic' and 'commercial' right to book the device, and admin roles 'PHYS device admin' and 'PHYS infrastructure admin' rights to administer those resources.
Full list of roles that have been defined is given further down this page.
First, open the Infrabooking management interface and navigate to Maintenance functions.
Select Administrative functions.
Click the "Role administration" tab near the top of the page.
You can click "Search" to show all roles that have been defined or search by role code or name.
Below is the beginning of the full list of roles and their corresponding base roles and privileges. Let't edit the role 'academic', which is the default for all Aalto users.
The first interesting thing in the settings is "Usage types". By default, Aalto's users can book device time only for academic work, which is listed as "Aalto Internal" in the list. Other usage types should be self evident.
If we want to change generic users' access to Bioanalytics resources, we can open the drop down menu and select something else than the default "Booking access". "Browsing access" allows seeing the resources in Infrabooking, but not make bookings. "Unconfirmed bookings only" option allow reservations, but they stay unconfirmed until device admin either confirms or cancels the reservation. "Admin access" and "No access" should be self-evident to anyone who makes it this far into this guide.
There is even more fine grained control of rights. The list above shows only top level resources types. Access can be controlled also by resources groups, which are subtypes to the top level. By clicking the "set buildings..." link and unchecking the "Same access to all buildings" box, we have the same options as above for each subtype. This is handy if for example Cell and Molecular Biology resources are all at CHEM, but Electrophoresis devices at PHYS. You can grant CHEM and PHYS admin roles rights to their respective resources.
(Yes, the admin interface talks about buildings instead of resource types and groups. This is a holdover from the past generations of the background system.)
Finally, save the changes you have made, and close the window.
Individual based admin privilege management