Roles and permissions

A few roles are pre-defined with their own sets of permissions. Some roles are given globally like manager and dp_manager, while other roles are given on the level of an organization.

A user can have multiple roles, of which the permissions will combine automatically. This allows us to build many more features in the future and create separate roles for users and give access on an individual basis to the appropriate staff.

Administrator (administrator)

The global admin role, used to set Drupal settings and setup permissions.

⚠️ In an ideal situation this should not be used by the end customer. With this role you can easily break the entire installation in just a few clicks.

User Manager (manager)

This is the highest role available for the Data Providers. This role can create new organizations (groups) and new Users, as well as add members to groups. They can also pick the roles of these users.

⚠️ There should be at least 1 user manager per installation.

⚠️ This role can not manage certificates for installations, unless the user is also added as a member to one or more organizations with the Certificate Editor role.

DP Manager (dp_manager)

This role is assigned when adding a user to a group. This role allows the user to add new members to the groups of which they are the DP Manager. In theory a user could be a DP Manager ofone organization, but a regular member of another organization.

⚠️ This role also doesn’t give the permission to manage certificates. To do that you also need to give this member the Certificate Editor role.

Certificate Editor (certificate_editor)

The certificate editor role is also assigned when adding a user to a group. This role allows users to manage the p12 certificate for an organisation.