Appearance
How roles work
Currently there are 3 roles in Adept: Explorer, Manager, and Admin.
All users need to be granted access to a dataset, except the users with Admin role.
Admin
A user with Admin role can access and manipulate all the datasets. Its main purpose is to be used in unusual circumstances (e.g. debug problems), and by default it shouldn't be active.
Explorer
A user that has the Explorer role for a specific dataset, can view the dataset but not manipulate it. Full list of permissions on table below.
Manager
A user that has the Manager role for a specific dataset, can control the dataset. Full list of permissions on table below.
Managers are also responsible for marking a dataset as Draft or Ready. When a dataset is Ready, users with Explorer role can see it too.
How to get access to a dataset
uni.lu
For our main instance, adept.lcsb.uni.lu, users need to request access to datasets through data catalog.
Why can't I access a dataset?
- Was access granted through data catalog?
- Did a
Managermark the dataset as ready? - Are you logging in with the correct credentials?
- Did you try logging out and logging back in?
Roles table
| Action | No Access | Explorer (per dataset) | Manager (per dataset) | Admin (all datasets) |
|---|---|---|---|---|
| Export | - | |||
| Read import | - | |||
| Add import | - | - | ||
| See import table actions | - | - | ||
| Add root collection | - | - | ||
| Delete root collection | - | - | ||
| Rename root collection | - | - | ||
| Add collection | - | - | ||
| Delete collection | - | - | ||
| Move collection | - | - | ||
| Rename collection | - | - | ||
| Add dataset | - | - | ||
| Delete dataset | - | - | ||
| Move dataset | - | - | ||
| Mark dataset as draft or ready | - | - | ||
| View dataset settings | - | - | ||
| Rename dataset | - | - | ||
| Rename dataset row description | - | - | ||
| Read filter | - | |||
| Save filter | - | - | ||
| Edit dashboard | - | - | ||
| Read dashboard | - |
How to configure roles for a custom Adept instance?
This content is intended for a technical audience.
If you'd like to run a custom instance of Adept, the rules below must be followed. These rules are currently very dependent on the data catalog and
uni.lu
, but this will change in the future.Admin
The OIDC provider (e.g. Keycloak) must send the adept_admin role in the roles for the client adept.lcsb.uni.lu. The JWT should look like:
json
"resource_access": {
"adept.lcsb.uni.lu": {
"roles": [
"adept_admin"
]
}
}Explorer
In order to have access to a dataset, a user must have a role that starts with ${VITE_REALM_ROLE_PREFIX}${VITE_EXTERNAL_ID_PREFIX}, and it must be part of the realm roles. The JWT should look like:
json
"realm_access": {
"roles": [
"ACCESS::EXT_ID-XXX"
]
}Manager
In order to be a manager of a dataset, a user must have a role that starts with ${VITE_MANAGER_ROLE_PREFIX} then ${VITE_EXTERNAL_ID_PREFIX}, and it must be part of the client roles. The JWT should look like:
json
"resource_access": {
"adept.lcsb.uni.lu": {
"roles": [
"collection_manager_EXT_ID-XXX"
]
}but because only the manager role is not enough, they also need the access role:
json
"resource_access": {
"adept.lcsb.uni.lu": {
"roles": [
"collection_manager_EXT_ID-XXX"
]
}
...
"realm_access": {
"roles": [
"ACCESS::EXT_ID-XXX"
]
}'%3e%3cg%20transform='matrix(1.00894,0,0,1.04036,-1.26111,-0.142908)'%3e%3cpath%20d='M41,1.59c0.75,-0%201.439,-0.422%201.78,-1.09l0.22,0l-0,22.03c-0,1.097%20-0.903,2%20-2,2c-1.097,-0%20-2,-0.903%20-2,-2l0,-22.03l0.24,0c0.338,0.661%201.017,1.082%201.76,1.09Zm6.71,22.94c-1.097,-0%20-2,-0.903%20-2,-2l-0,-15.19c-0,-1.097%200.903,-2%202,-2c1.097,-0%202,0.903%202,2l-0,17.19l-2,-0Zm3.06,-0l-0,-17.19c-0,-1.097%200.903,-2%202,-2c1.097,0%202,0.903%202,2l-0,17.19c-0.93,-0%20-1.15,-1.08%20-1.15,-2.13c0.002,1.121%20-0.881,2.062%20-2,2.13l-0.85,-0Zm-18.88,-2c-0,-1.097%200.903,-2%202,-2c1.097,-0%202,0.903%202,2c0,1.097%20-0.903,2%20-2,2c-1.097,-0%20-2,-0.903%20-2,-2Z'%20style='fill:%2328a1d7;'/%3e%3c/g%3e%3cg%20transform='matrix(1.00894,0,0,1.04036,-1.26111,-0.142908)'%3e%3cpath%20d='M26.73,6.46l0.07,-0c0.743,-0.008%201.422,-0.429%201.76,-1.09l0.22,-0l0,17.16c0,1.097%20-0.903,2%20-2,2c-1.097,-0%20-2,-0.903%20-2,-2l0,-17.16l0.22,-0c0.333,0.652%200.998,1.071%201.73,1.09Zm-1.99,-3.96c-0,-1.097%200.903,-2%202,-2c1.097,-0%202,0.903%202,2c-0,1.097%20-0.903,2%20-2,2c-1.097,-0%20-2,-0.903%20-2,-2Zm-21.49,22.03c-1.097,-0%20-2,-0.903%20-2,-2l0,-15.19c0,-1.097%200.903,-2%202,-2c1.097,-0%202,0.903%202,2l-0,17.19l-2,-0Zm5.9,-2.124c-0.001,1.118%20-0.883,2.056%20-2,2.124l-0.85,-0l-0,-17.19c-0,-1.097%200.903,-2%202,-2c1.097,0%202,0.903%202,2l-0,17.19c-0.938,-0%20-1.149,-1.076%20-1.15,-2.124Zm10.85,-17.036c1.097,-0%202,0.903%202,2l0,15.16c0,1.097%20-0.903,2%20-2,2c-1.097,-0%20-2,-0.903%20-2,-2l0,-17.16l2,-0Zm-5.84,2.109c0.004,-1.114%200.886,-2.045%202,-2.109l0.84,-0l0,17.16c0,1.097%20-0.903,2%20-2,2c-1.097,-0%20-2,-0.903%20-2,-2l0,-17.16c0.934,-0%201.157,1.066%201.16,2.109Z'%20style='fill:%23db021b;'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
