Specific roles and rights status
Role Name | Description of competencies | Rule | Who can set the role |
Internal account | |||
PerunAdminBa | The role is identical to the PERUNADMIN role, but it skips MFA authentication. This role is used only for internal purposes. |
| PerunAdmin |
Rpc | The role allows the RPC component to call the API and thus transfer outer API parameters into objects. Perun does not provide an explicit functionality for managing system roles. Therefore, it is not possible to manage this role by any other role. | Manually assigned to specific system user by PerunAdmin. | PerunAdmin |
Engine | The role represents the Engine component. This role is authorized to take actions connected with users’ propagations to services. Same as the role RPC, this role cannot be managed by other roles. | Manually assigned to specific system user by PerunAdmin. | PerunAdmin |
Registrar | A system role that belongs to the Registration module. It is allowed to perform actions that are connected to users’ registrations and to creating and changing users’ passwords. It cannot be managed by other roles. | Manually assigned to specific system user by PerunAdmin. | PerunAdmin |
Authzresolver |
| Manually assigned to specific system user by PerunAdmin. | PerunAdmin |
Proxy | The role is dedicated to service account updating user extsources and working with facilities. |
| PerunAdmin |
Unique account | |||
SpregApplication | The role can be assigned to a service account primarily to work with facilities, groups and attributes. | Customized role: Manually assigned to specific service user by PerunAdmin. | PerunAdmin |
CyclopAdmin |
| Customized role: Manually assigned to specific service user by PerunAdmin. | PerunAdmin |
O365Admin |
| Customized role: Manually assigned to specific service user by PerunAdmin. | PerunAdmin |
Inet |
| Customized role: Manually assigned to specific service user by PerunAdmin. | PerunAdmin |
AuditConsumerAdmin | The role has access to methods in AuditMessagesManagerEntry (except logger method). | Customized role: Manually assigned to specific service user by PerunAdmin. | PerunAdmin |
PasswordResetManager |
| Manually assigned to specific system user by PerunAdmin. | PerunAdmin |
CabinetAdmin | The role is able to manage users’ publications in the cabinet module. Cabinet administrators and Perun administrators are able to delegate this role to other users, but the role cannot be set to groups. | Manually assigned to specific system user by PerunAdmin. | PerunAdmin CabinetAdmin |
Service |
| Manually assigned to specific system user by PerunAdmin. | PerunAdmin |
Notifications | The role does not have any special privileges. Its purpose is to identify whether the Notification module is calling the core API. It is a system role; therefore, it cannot be assigned to anyone. | Manually assigned to specific system user by PerunAdmin. | PerunAdmin |
Unknown | The role exists, but it is not used in Perun. | System role specified for unexpected situations. |
|
Support: perun@cesnet.cz