User, Role and Access Management. This part of the data model is used to control that the access of data on a regional hub. It allows managing users, roles and operations. Only the responsible administrator of a hub is able to create new users with an initial password. After the creation, the user gets roles assigned in the context of an arbitrary number of databases. Since it is possible that one participant is running several databases, we also have to ensure that a user may play different roles on those databases. E.g., Graz is hosting two databases where on one hand user-A is administrator of database-A, but on the other a normal user in database-B. To ensure the fulfilment of that needs each user gets roles assigned which always belong to a specific participant database. Connected to a role there are operations that the user is allowed to perform when owning a role. E.g., having the role LocalAdmin the user is allowed to add content to the participant database in which context he holds the role.
Appears in 2 contracts
Sources: Grant Agreement, Grant Agreement