PHP Cross Reference of Phabricator

/src/docs/user/userguide/ -> users.diviner (source)

@title User Guide: Account Roles
@group userguide

Describes account roles like "Administrator", "Disabled" and "Bot".

= Overview =

When you create a user account, you can set roles like "Administrator",
"Disabled" or "Bot". This document explains what these roles mean.

= Administrators =

**Administrators** are normal users with a few extra capabilities. Their primary
role is to keep things running smoothly, and they are not all-powerful. In
Phabricator, administrators are more like //janitors//.

Administrators can create, delete, enable, disable, and approve user accounts.
Various applications have a few other capabilities which are reserved for
administrators by default, but these can be changed to provide access to more
or fewer users.

Administrators are **not** in complete control of the system. Administrators
**can not** log in as other users or act on behalf of other users. They can not
destroy data or make changes without leaving an audit trail. Administrators also
can not bypass object privacy policies.

Limiting the power of administrators means that administrators can't abuse
their power (they have very little power to abuse), a malicious administrator
can't do much damage, and an attacker who compromises an administrator account
is limited in what they can accomplish.

NOTE: Administrators currently //can// act on behalf of other users via Conduit.
This will be locked down at some point.

= Bot/Script Accounts =

**Bot/Script** accounts are accounts for bots and scripts which need to
interface with the system, but are not regular users. Generally, when you write
scripts that use Conduit (like the IRC bot), you should create a Bot/Script
account for them.

These accounts were previously called "System Agents", but were renamed to make
things more clear.

The **Bot/Script** role for an account can not be changed after the account is
created. This prevents administrators from changing a normal user into a bot,
retrieving their Conduit certificate, and then changing them back (which
would allow administrators to gain other users' credentials).
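
The reasoning behind the fixed Bot/Script role, as an added example that is not Phabricator's own code: a small Python model in which administrators may read credentials only from bot accounts, run once with a changeable role and once with the role fixed at creation. Every class, function and value in it is hypothetical and constructed for illustration.

```python
# Toy model of the rule above; not Phabricator code. All names are hypothetical.
from dataclasses import dataclass, field


class PolicyError(Exception):
    """Raised when an action is not permitted by the account model."""


@dataclass
class Account:
    name: str
    is_admin: bool = False
    is_bot: bool = False            # chosen when the account is created
    certificate: str = ""           # stands in for a Conduit certificate
    audit: list = field(default_factory=list)


class Directory:
    def __init__(self, role_is_mutable: bool):
        self.role_is_mutable = role_is_mutable

    def set_bot_role(self, actor: Account, target: Account, value: bool):
        if not actor.is_admin:
            raise PolicyError("only administrators manage roles")
        if not self.role_is_mutable:
            raise PolicyError("Bot/Script role is fixed at account creation")
        target.is_bot = value
        target.audit.append(f"{actor.name} set is_bot={value}")

    def retrieve_certificate(self, actor: Account, target: Account) -> str:
        # Admins may read credentials of bot accounts only; users read their own.
        if actor is target or (actor.is_admin and target.is_bot):
            target.audit.append(f"{actor.name} read certificate")
            return target.certificate
        raise PolicyError("cannot read another user's credentials")


def flip_and_read(directory: Directory) -> str:
    """Replay the sequence the paragraph describes: user -> bot -> read -> user."""
    admin = Account("admin", is_admin=True)
    alice = Account("alice", certificate="constructed-cert-alice")
    try:
        directory.set_bot_role(admin, alice, True)
        cert = directory.retrieve_certificate(admin, alice)
        directory.set_bot_role(admin, alice, False)
        return f"leaked:{cert}"
    except PolicyError as err:
        return f"blocked:{err}"
```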

**Bot/Script** accounts differ from normal accounts in that:

  - administrators can access them, edit settings, and retrieve credentials;
  - they do not receive email;
  - they appear with lower precedence in the UI when selecting users, with
    a "Bot" note (because it usually does not make sense to, for example,
    assign a task to a bot).

= Disabled Users =

**Disabled Users** are accounts that are no longer active. Generally, when
someone leaves a project (e.g., leaves your company, or their internship or
contract ends) you should disable their account to terminate their access to the
system. Disabled users:

  - can not log in;
  - can not access Conduit;
  - do not receive email; and
  - appear with lower precedence in the UI when selecting users, with a
    "Disabled" note (because it usually does not make sense to, for example,
    assign a task to a disabled user).

While users can also be deleted, it is strongly recommended that you disable
them instead if they interacted with any objects in the system. If you delete a
user entirely, you won't be able to find things they used to own or restore
their data later if they rejoin the project.


Generated: Sun Nov 30 09:20:46 2014 Cross-referenced by PHPXref 0.7.1