Access Controls
On this page we go deeper into the authentication and authorization concepts used on the uman platform.
Authentication via JSON Web Tokens
JSON Web Token (JWT) is an open standard for authentication. The backend generates a token that certifies the user's identity and sends it to the client. The client sends the token back to the backend with every subsequent request, so the backend knows the request comes from a particular identity.
We currently support Google Sign-In (including Cloud Identity) next to the traditional login with username and password.
Authorization via user identifier, source permissions and role
Because we know the identity of the requester, we know the corresponding tenant id and limit allowed requests to the tenant scope. The content is restricted by the permissions mirrored from the source document management systems for that user. Additionally, based on the user's role, we further limit the allowed requests to the profile scope.
Roles in uman
Currently, uman supports the following roles:
- Viewer: basic privileges to access the uman workspace and content
- Admin: extra privileges to administer the uman workspace
- Contributor (deprecated): extra privileges to add content to the uman workspace
Some examples of the extra privileges an admin has:
- set up integrations (see Integrations for more information)
- invite people to the uman workspace
- change roles of people
Typically the admin role is granted by a uman team member during the set-up of the workspace.
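The three authorization layers described above (tenant scope, mirrored source permissions, role), applied to a verified token, as an added example that is not uman's own code. It assumes HS256 signing with a shared secret and the claim names `sub`, `tenant_id`, `role` and `exp`; the action names and `doc_acl` (the set of users the source system allows on a document) are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a shared secret
ADMIN_ACTIONS = {"setup_integration", "invite_user", "change_role"}  # hypothetical names

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def issue(claims):
    """Backend side: sign the claims into a compact HS256 token."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify(token, now=None):
    """Return the claims, or None if the token is malformed, forged or expired."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(sig)):  # constant-time compare
            return None
        claims = json.loads(b64d(body))
        expired = claims["exp"] <= (time.time() if now is None else now)
    except (ValueError, TypeError, AttributeError, KeyError):
        return None
    return None if expired else claims

def authorize(token, action, tenant_id, doc_acl=None, now=None):
    """Apply tenant scope, then mirrored source permissions, then role."""
    claims = verify(token, now)
    if claims is None or claims.get("tenant_id") != tenant_id:
        return False  # unauthenticated, or a request outside the tenant scope
    if action == "read_document":
        return claims.get("sub") in (doc_acl or ())  # mirrored source ACL
    if action in ADMIN_ACTIONS:
        return claims.get("role") == "admin"
    return False  # default deny for anything not listed
```

The role is read from the signed token only, so a client cannot raise its own privileges by editing the payload: any change invalidates the signature.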