.. _def-accounts-intro: ============= User accounts ============= All authenticated users can access to their own "work space" (called *Votre espace*) and any public ressources like anonymous users except the register form. .. _def-accounts-structure: Structure ********* Goal ---- Structures goal is to create and manage their own workbooks with assistance and validation from their accompanists. A structure account have to go on a validation workflow to be enabled. Scope ----- Structure have access to their own "work space" where they can : * See and potentially edit its owned workbooks; * Upload attached files for each of its owned workbooks; * Edit its user account datas; .. _def-accounts-accompanists: Accompanists ************ They are users that can access to structure workbooks for which they are assigned to. It's important to notice that technically, an accompanist is assigned to a structure account and then mirrored to its workbooks: * Assignation to a structure account is used when structure create a new workbook, the assigned accompanist will be automatically mirrored to the new workbook; * Assignation to a workbook is what determines workbook visibility to accompanists; * Only guide assignation is effective since workbook starts, other accompanists will needs to be approved from structure to be effective; * If needed, admins can change structure and workbook accompanists on their parameters form at any time; .. _def-accounts-accompanists-guide: Guide ----- Also called **Accompanist phase 1** (**Accompagnateur phase 1**) because it's an accompanist dedicated to workbook phase 1. Goal .... They are users that can access to structure workbooks for which they are assigned to. Scope ..... * Can browse and read workbook datas; * Can edit workbook datas during phase 1; * Can stop or validate phase 1; * Lose the edit rights when the workbook goes out of phase 1; * Are notified about user registrations related to them and for workbook changes they manage; * Can possibly create an unique invoice for workbooks they have validated; Assignment .......... Processed during :ref:`def-accounts-structure` registration validation on :ref:`def-workflows-registration-status-2` if the guide accepts the assignment or if an admin force it. If guide refuses assignment for a structure, assignment will be removed from structure accounts and admin will have to select another guide to continue validation. .. _def-accounts-accompanists-supervisor: Supervisor ---------- Also called **Accompanists phase 2** (**Accompagnateur phase 2**) because it's an accompanist dedicated to workbook phase 2. Goal .... Like :ref:`def-accounts-accompanists-guide` but obviously for the phase 2 flow. Scope ..... * Can browse and read workbook datas; * Can edit workbook datas during phase 2; * Can stop or validate workbook phase 2; * Lose the edit rights when the workbook goes out of phase 2; * Are notified about user registrations related to them and for workbook changes they manage; Assignment .......... Processed during :ref:`def-accounts-structure` registration validation on :ref:`def-workflows-registration-status-2` if the guide accepts the assignment or if an admin force it. It is automatically selected, the structure department is used to find a coverage for the same department. .. NOTE:: If there is no supervisor region for the structure department, the registration validation is blocked until required department is created. .. _def-accounts-accompanists-dla: DLA Accompanist --------------- DLA means "Locale accompanying system" (*Dispositif Local Accompagnement*). .. NOTE:: DLA accompanist are actually only implemented in Inserdiag. Goal .... Like :ref:`def-accounts-accompanists-supervisor` but only for "read only" rights. Scope ..... * Can browse and read workbook datas; * Are notified about user registrations related to them and for workbook changes they manage; Assignment .......... Alike a :ref:`def-accounts-accompanists-supervisor`, a DLA is automatically assigned to structure using the structure department to find a DLA coverage on the department. Unlike a :ref:`def-accounts-accompanists-supervisor`, if a DLA coverage has not been finded, this will not block registration validation from guides and admins. .. _def-accounts-superuser: Superuser Admin *************** Goal ---- Superusers are a special kind of admin that have all rights and permissions on the website. .. WARNING:: They are not intended to do management, their role is mostly to do some maintenance jobs. People in charge of plateform management are advised to avoid to use superuser to do common management. Scope ----- * Can do anything that other admins can do; * Allways have all permissions and rights; * Allways have access to the Django admin; * The only existing restriction for superuser are to edit Workbook cells from their work space because it could breaks the workflow between structure and accompanist; * Have a special ability called *Superlogin* that grant to login under any user, however this feature is restricted on some specific IP adresses because this is a critical security problem; .. _def-accounts-admins: CNAR admins *********** Goal ---- They are users with admin rights which grant them to manage user accounts and workbooks from their work space, also they can have access to the Django admin. Scope ----- Basically, their rights depends on what permissions are defined on their user account form. Three kinds of CNAR admins exist, each kind making some differences : CRDLA IAE * Only one of this kind on each plateform; * Their coordinates from their profile is used in invoices for phase 1; CRDLAF * Only one of this kind on each plateform; * Their profile is used in invoices for phase 2; Regionalized * Are in charge of their assigned states (regions); * Can only access and manage accounts and workbooks from structures which have a state they are assigned to; * **Actually only on Culturdiag**; .. NOTE:: Actually, Inserdiag does not have frontend forms to create and edit Admin users, this is **only implemented for Culturdiag**. With Inserdiag you'll have to go through the Django admin. Frontend forms ease admin users management to add them the rights permissions and behaviors, while the Django admin require to go through many different forms to do the same thing. .. _def-accounts-anonymous: Anonymous user ************** Not properly an user account, an anonymous user have only access to : * Login form; * Register form; * Password forgotten form; * Some public documents pages. Once an Anonymous user succeed to login with the login form it becomes an authenticated user which can be a :ref:`def-accounts-structure`, Accompanist or an Admin.