User Account Mangement

[p-a-s-c-a-l]

If we allow external users to use the CSIS, we have to clarify how to distinguish between internal and external users, and how to clean up test, spam and orphan users.

Atm there are several uses registered, that are no project members and at least I don't know at which occasion and for which purpose they've created an account.

@fgeyer16 Maybe you can explain the relation between these two account directories:

• https://profile.myclimateservices.eu/admin/people
• https://csis.myclimateservice.eu/admin/people

Questions:

• All User that create a new account on profile.myclimateservices.eu do have automatically access to CSIS via CAS and therefore appear also in the csis.myclimateservice.eu list? Or is there a manual intervention by an admin needed?
• All User that create a new account on profile.myclimateservices.eu do have automatically to the Marketplace?
• How to distinguish between internal and external users? Do we create special roles for them?
• If a new user registers on profile.myclimateservices.eu, the account is initially disabled, right? Who receives the notification mail, who decides whether the account is unlocked or not (e.g. because of spam account)?
• What about GDPR stuff? Who takes care about that?

[Andrea4ad]

All User that create a new account on profile.myclimateservices.eu do have automatically to the Marketplace?

Single sign-on is active, so it´s YES

How to distinguish between internal and external users? Do we create special roles for them?

Roles and "business rules"; we are working on that. After having a "draft proposal" we will have to engage with end users for feedback; not only "internal" and "external" but better granularity.

In general there should only be one instance dealing with user rights, privacy etc. For the marketplace we plan to team up with a datamarket provider sharing burdens related to security, user authentification etc.
Visualization of "big picture" attached; here CSIS is a digital tool and digital tools are gathered in the marketplace. (atm convincing from a "marketplace" perspective - does not mean that this is a fact!)

[fgeyer16]

All User that create a new account on profile.myclimateservices.eu do have automatically access to CSIS via CAS and therefore appear also in the csis.myclimateservice.eu list? Or is there a manual intervention by an admin needed?

Everybody who has registered on profile.myclimateservices.eu is able to access CSIS but will not be in CSIS user list automatically. The user on CSIS is created on the first visit on that page. So csis user list show all users who has visited CSIS at leas once.

If a new user registers on profile.myclimateservices.eu, the account is initially disabled, right? Who receives the notification mail, who decides whether the account is unlocked or not (e.g. because of spam account)?

A new registered user is not disabled initially. The user is active after clicking on a confirmation link sent by email. No action by administrator is needed.

How to distinguish between internal and external users? Do we create special roles for them?

What are internal users? "Just" users from Clarity Partners or users with special (administrative) rights?

All User that create a new account on profile.myclimateservices.eu do have automatically to the Marketplace?

The marketplace will be the first page of the MCS-"Universe" which has requirements, that a user will have access to it. And this requirement for now is that the user needs at least one organisation added to his profile. This is because trade on marketplace is done between organisations (Companies, Cities, ..) and not between people. So opportunities and offers are linked to the organisation and not to the user. I was working on this last weeks and I am still on it. when this works the process can (and maybe should) be applied easily to CSIS and other pages as well.

`

[p-a-s-c-a-l]

For external users it might worth keeping this issue about individual permissions on data packages into account.

[p-a-s-c-a-l]

resolved

[p-a-s-c-a-l]

@fgeyer16 Here is another request to improve the CSIS Acceptance Test process, especially for external users.

We need a special role 'CSIS Testing Team' and a respective landing page in CSIS

• for project-internal users belonging to the GitHub CSIS Testing Team and
• external users that are asked to test / validate the system.

Adding users to this role in CAS is a manual task, so new users can use the existing profile registration page. This means also that some more people e.g. @p-a-s-c-a-l @DenoBeno need the possibility to assign users to this role. The question here is if the assignments to roles is done 'locally' on csis.myclimateservice.eu or 'globally' on profile.myclimateservices.eu. In the later case, we need the respective rights to do so on profile.myclimateservices.eu.

Reason:
If a user with this special role 'CSIS Testing Team' accesses CSIS, the landing page should show either a link to the Acceptance Test Specification or the complete speciations, so that user exactly knows what to do in order to test the system. Although we create individual issues in csis-technical-validation, this is useful for external users that are not on GitHub.

[fgeyer16]

@fgeyer16 Here is another request to improve the CSIS Acceptance Test process, especially for external users.

Since this is something which only affects csis and is not dependent on some field on profiles this is best done completely in csis. I have created the role "User admin" on csis.ait.ac.at which can edit users, and assigned this role to @p-a-s-c-a-l (username pascal.dihe) and @DenoBeno (username deno). This users had already the Administrator role but maybe we can then remove this role from them.
There is already the role "Testing" do you intend to use this?

[p-a-s-c-a-l]

There is already the role "Testing" do you intend to use this?

Yes, why not. But now I see a flaw in the general process: When a user creates a fresh account, he/she does not yet belong to the testing group, and will not see the landing page in CSIS until somebody has manually added them to the 'testing' group. Therefore this use case cannot be supported properly:

so that user exactly knows what to do in order to test the system. Although we create individual issues in csis-technical-validation, this is useful for external users that are not on GitHub

The proper solution would be to distribute 'special' registration inks or forms for testing users that automatically add the users to the testing group. But I don't know if it's worth the effort. On the other hand, is it worth the effort to create a landing page that nobody will see when he visits the CSIS for the 1st time because he does not belong to the respective group yet? Sure, we could assume that there is a certain time window between account creation and performing the acceptance test in CSIS but I wouldn't count on that.

As we are now focussing on our internal validation and our users should actually kow how to do it without the need of an extra instructions page in CSIS, I leave the question open for later.

[p-a-s-c-a-l]

closed in favour of #157