-
-
Notifications
You must be signed in to change notification settings - Fork 79
Levels of Security
Currently Scrummage supports 2 simple levels of security using boolean values which can be set to True or False. In the backend database this value is called "is_admin". Users where this value is set to False, or in other words does not have admin rights and only have read and browse rights to the web application. Therefore, they cannot write anything to the database or execute any plugins. Ultimately they can do everything an admin can do except:
- Create, Run, Edit, Duplicate or Delete a task
- Create, Edit or Delete a result
- Generate screenshots for results
- Check or Edit task inputs, result outputs and core configurations.
Note: This applies to both regular web application usage and API calls.
Creating an admin user versus a non-admin user:
Admin User Creation:
user@linux:<SCRUMMAGE DIRECTORY>/installation$ python3 Create_User.py --username/-u Username --password/-p Password --admin/-a True --blocked/-b FalseNon-Admin User Creation:
user@linux:<SCRUMMAGE DIRECTORY>/installation$ python3 Create_User.py --username/-u Username --password/-p Password --admin/-a False --blocked/-b FalseThis functionality may or may not be upgraded in future depending on demand. Such as a user who can read and write but not execute, and a user who can read and execute but not write.
Additionally, considerations for allowing admin users to make changes to other, non-administrative user accounts is under consideration. But again is subject to demand.