TODO TODO TODO: update to new usermanager role.
The following briefly outlines the role/rights concept and the way users are authenticated and authorized within OLAT.
In OLAT there are four basic system roles. Each role is assigned a basic set of rights. You can add users to those system roles in the Administration area within OLAT. Additional rights can also be defined individually in the Administration area. The system roles are, in short:
guest: This is the guest system role with a limited set of rights which allows, for example, browsing the repository and launching content which is available to guests. All guest accounts are assigned this role.
user: This is the regular OLAT user role. All registered and authenticated users within the OLAT system are assigned this role. The role allows for basic functionality such as the personal briefcase, browsing the repository, creation of buddy groups and others.
author: This is the author system role. It includes all rights of the user system role and adds the author right, which allows, for example, the creation of content in the repository.
administrator: This is the administrator or superuser system role. Users with this role have the whole set of rights within OLAT. In some workflows, users with this system role are treated differently from the rest of the users, giving them access to administrative functionality.
See also Section 2.7, “Groups” to learn more about the differences between groups and system roles.
OLAT provides an abstract mechanism for authenticating users. In the olat_config.xml configuration file, in the section LoginModule, you'll find a set of authentication providers which handle authentication and authorization. An authentication provider is simply a class which extends AuthenticationController, hence you'll have full control over the workflow needed to authenticate your users. All authentication providers listed in the config file (and enabled) will be presented to the user on the login screen. The user may choose the way she wishes to authenticate herself.
At the time of writing, there are two implementations of AuthenticationController: OLATAuthenticationController implements a simple username/password authentication and ShibbolethAuthenticationController implements authentication based on Shibboleth 1.3 (see the section on Shibboleth for details on this method of authentication).
The authentication provider system is also used for other purposes where authentication is needed:
RSS: The personalized RSS feed is protected using a token. This token might appear in URLs, therefore it should not be the same as the user's password. (See RSSUtil.RSS_AUTH_PROVIDER.)
Jabber: Jabber also uses a password different from the login password, since it would not be safe to use the login password. (See ClientManager.PROVIDER_INSTANT_MESSAGING.)
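The separation described for RSS and Jabber, sketched as an added example that is not OLAT code: each credential is stored per user and per provider, so a token that leaks through a feed URL does not authenticate anywhere else and can be rotated on its own. The class, method and provider names below are hypothetical, and the user name is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not OLAT source. All names here are hypothetical.
public class ProviderCredentialDemo {
    // Hypothetical provider identifiers; OLAT's own constants are
    // RSSUtil.RSS_AUTH_PROVIDER and ClientManager.PROVIDER_INSTANT_MESSAGING.
    static final String LOGIN = "DEMO_LOGIN";
    static final String RSS = "DEMO_RSS";

    private static final SecureRandom RNG = new SecureRandom();
    // Key "user|provider" -> credential valid for that provider only.
    private final Map<String, String> credentials = new HashMap<>();

    // Issue (or rotate) a random URL-safe token for one user and one provider.
    String issueToken(String user, String provider) {
        byte[] raw = new byte[24]; // 192 bits of randomness, unrelated to any password
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        credentials.put(user + "|" + provider, token);
        return token;
    }

    // A credential is only ever checked against the provider it was issued for.
    boolean verify(String user, String provider, String presented) {
        String stored = credentials.get(user + "|" + provider);
        if (stored == null || presented == null) return false;
        // MessageDigest.isEqual compares in constant time.
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        ProviderCredentialDemo store = new ProviderCredentialDemo();
        String feedToken = store.issueToken("alice", RSS); // constructed sample user
        System.out.println("token accepted for RSS:    " + store.verify("alice", RSS, feedToken));
        System.out.println("token accepted for login:  " + store.verify("alice", LOGIN, feedToken));
        String rotated = store.issueToken("alice", RSS); // URL leaked: rotate the feed token only
        System.out.println("old token after rotation:  " + store.verify("alice", RSS, feedToken));
        System.out.println("new token after rotation:  " + store.verify("alice", RSS, rotated));
    }
}
```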