Access Control
Introduction
Access to resources in Semantic Treehouse is controlled by a system of roles and permissions. This system allows you to define who can access what resources, and what actions they can perform on those resources. This page provides an overview of the existing roles and their permissions, how to manage these roles, and how to assign roles to users. In Semantic Treehouse, access control happens on two levels: global access control and group-level access control.
Role-based access control
Access control is managed through Roles. Users can have one or more roles, each of which grants them a set of permissions. These permissions determine what actions a user can perform on the resources in Semantic Treehouse. The available roles are:
- User: can view specifications, use the validator, and submit issues.
- Reviewer: can review specifications that are not yet publicly accessible.
- Maintainer (Beheerder NL): can manage all the specifications, including creating and updating them.
- Account Manager: can manage other users, and oversee various accounts and organizations.
- Administrator: can change settings, manage the environment, and organize the homepage and projects.
You can find all permissions that these roles grant on this page: Roles and Permissions.
Users can have multiple roles simultaneously, thereby gaining multiple permissions. Roles that you have on a global level apply to all resources in Semantic Treehouse, while roles that you have on a group level apply only to resources that are owned by that group. Group-level roles can only be given to users who are members of that group.
Group-level permissions always take precedence over global permissions. For example, if you have the role of "Maintainer" in a group, but only the role of "User" globally, you will have the permissions of a "Maintainer" in that group. Vice versa, if you have the role of "Maintainer" globally, but only the role of "User" in a group, you will have the permissions of a "Maintainer" globally, but only the permissions of a "User" in that group.
This also means that you do not have access to resources, such as projects and specifications, of groups that you are not a member of, even if you have the role of "Maintainer" globally.
The global Administrator role
Regardless of the other global or group-level roles you have, the global Administrator role always has the highest level of permissions. This role can change settings, manage the environment, and organize the homepage and projects. Global administrators can also read and manage resources that are owned by groups, which would normally fall under group-level access control.
The global Administrator role is typically only assigned to a few users, who are responsible for managing the entire Semantic Treehouse environment.
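The resolution rules described above, modelled as an added Python example (not Semantic Treehouse's own code). The `User` class, the `effective_roles` and `access_matrix` functions, and the group names are hypothetical, and the model assumes that a group member without a group-level role falls back to their global roles, which this page does not specify.

```python
from dataclasses import dataclass, field

ADMIN = "Administrator"

@dataclass
class User:
    name: str
    global_roles: set = field(default_factory=set)
    # group name -> roles held in that group; a key here means membership
    group_roles: dict = field(default_factory=dict)

def effective_roles(user, owner_group=None):
    """Roles that apply to a resource owned by owner_group (None = no group)."""
    # The global Administrator role overrides group-level access control.
    if ADMIN in user.global_roles:
        return frozenset(user.global_roles)
    # Resources not owned by a group are governed by global roles only.
    if owner_group is None:
        return frozenset(user.global_roles)
    # Non-members get nothing, whatever their global roles are.
    if owner_group not in user.group_roles:
        return frozenset()
    in_group = user.group_roles[owner_group]
    # Group-level roles take precedence over global roles.
    # Assumption: a member with no group-level role keeps global roles.
    return frozenset(in_group) if in_group else frozenset(user.global_roles)

def access_matrix(users, groups):
    """Map (user name, group) to the sorted roles that apply there."""
    return {(u.name, g): sorted(effective_roles(u, g))
            for u in users for g in groups}

# Constructed sample accounts and groups.
alice = User("alice", {"User"}, {"Energy": {"Maintainer"}})
bob = User("bob", {"Maintainer"}, {"Energy": {"User"}})
carol = User("carol", {ADMIN})
dave = User("dave", {"Reviewer"}, {"Energy": set()})

if __name__ == "__main__":
    matrix = access_matrix([alice, bob, carol, dave], ["Energy", "Logistics"])
    for (name, group), roles in matrix.items():
        print(f"{name:6} {group:10} {roles or 'no access'}")
```

Running an access review against a model like this makes the two surprising cases visible: a global Maintainer has fewer rights inside a group where they are only a User, and no rights at all in groups they do not belong to.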
Viewing your roles
- Your global account roles can be found in the left-side menu bar at the bottom — click the person icon next to your username, or see account settings. To assign roles to others (as an Account Manager), you can read more about how to do that here.
- The group-level roles are found in the group detail page, accessible through the "Groups" menu item in the left-side menu bar. These roles only apply to resources that are owned by this group, such as group projects. You can read more about managing groups here.