Users

learn about types of users you can add in raidiam connect understand role based access control (rbac) and see what permissions the users have types of users in raidiam, users are authenticated directory users with the ability to update and manage various functionalities within the directory these users can be registered by an global administrator or another organisation user with the authority to do so, such as an organisation administrator after successful authentication, organisation users can access the directory ui to view and update data for the organizations they have permission to manage visualization and editing powers are subject to the ecosystem policy raidiam connect has four types of users super users data administrators organisation administrators domain users super users also known as global administrators hold a unique position within raidiam connect, possessing comprehensive control over the entire platform they are responsible for managing and maintaining the system, ensuring its optimal functioning and security with the ability to oversee all organizations and users, global administrators can make critical decisions and adjustments as needed this level of authority is crucial for maintaining the stability and integrity of raidiam connect, fostering a trustworthy and efficient environment for all participants data administrators the data administrator is a user role within raidiam connect, acting on behalf of the trust framework administrator organisation their primary responsibility is managing the data within the ecosystem or federation, particularly handling the onboarding and ongoing management of organisations although data administrators can manage data within the ecosystem, they do not have control over reference data , which is managed exclusively by super users data administrators can be added to the platform by super users, either through the ui or via apis organisation administrator hold the highest level of authority within an organisation they can create and update most of the organization's resources, add new administrators, and manage other types of domain users configured within the directory if the ecosystem utilizes single sign on (sso) with the directory, the open id client can verify, upon user consent in the oauth flow, whether a user is an organization administrator and identify the organizations they administer this information is registered under "orgaccessdetails" with "orgadmin" set to true domain users also known as technical users, are users with specific functions within the directory, usually a subset of permissions granted to an organization administrator some domain users may not have direct functions in the directory but instead have access scopes for other platforms that leverage the directory's sso functionality if the ecosystem employs sso with the directory, the open id client can also verify the organizations for which a user is an organization domain user this information is registered under "orgaccessdetails/domainroledetails," with the type of organization domain user listed under "contactrole" and the platform specified under "system " this configuration enables, for example, a service desk contact to be registered in the directory and authorized on a service desk platform, even without access or permissions within the directory itself user permissions and roles role based access control (rbac) is an essential component of ecosystem, ensuring that users have the appropriate level of access to perform their tasks while minimizing the risk of unauthorized access or data misuse by leveraging rbac and the existence of users docid\ ijyftusvdonrn4rxsnsev and users docid\ ijyftusvdonrn4rxsnsev you can streamline the management of user permissions, maintain a higher level of security, and create a more organized and compliant system for data access and control all organization administrators receive an e mail informing them of any change to roles and of any role assignment each ecosystem or federation comes with built in default domain users roles like primary technical contact (ptc) and primary business contact (pbc) that enable access to directory and more such users can register authorisation servers, publish apis, request software statement assertions, and interact with the connect platform in any other way other roles are available depending on the trust framework docid\ orq fx71kdupt8j17ckkd configuration set by your trust framework participants docid\ zwoo4fno16xiy1mcodij5 their level of access on connect hugely depends on the ecosystem policy some roles are created to be used solely for single sign on docid\ lnznuggqvr5ouarmyrhjw purposes where the users stored within connect may authenticate with their connect accounts while accessing other platforms available within the ecosystem what's next delegate organisation administration by delegate organisation administration docid\ c4hoghk8w tjf z44qkmt add users docid 6ci5elhtqvckznrxv1 qo manage administrators docid\ z xxy9ycmvkqjo1ymz6l6 if you are a super administrator of your ecosystem