The Hub supports the concept of a private resource, where access is restricted by one or more permission. In turn, permissions can restrict access to one or more groups.

A key concept of this model is that both groups and permissions can be defined by a Company but then be used by anyone on any resource. This allows, for example, a Company to define who should be in a specific group themselves without needing to inform (say) Linaro, but then Linaro can use that group to restrict access to one or more resources without needing to know who is in the group.

Groups

A “Members” group is created for each Company and that consists of every user on the system whose email address matches one of the domains registered for that Company. This group can be used to easily create a permission that restricts access to a specific Company’s staff.

Manual groups can also be created by Company admins. These groups have their membership explicitly specified but it is only possible to include people who have got accounts on the Hub.

If you are intending to publish a private resource and need to set up a group consisting of the people who should have access to the resource, please contact Linaro’s IT Services (it-support@linaro.org) and we can help with pre-creating any missing accounts on the Hub. The users can then be sent an email that includes their pre-defined password which will need to be changed on their first login.

Permissions

A permission defines the group membership required to grant access to a resource. In order to gain access, the current user must be in one of the specified groups, not all of them.

A permission has a custom error message which is displayed if someone tries to access a resource protected by this permission. For example, a resource restricted to customers of Developer Services might say something like “To view this resource, please contact Linaro Developer Services”.

A resource can be protected by one or more permissions. As with groups, a user only needs to pass one of the permissions in order to gain access to the resource.

Similarly to groups, permissions can be created by a Company admin and can only be edited by an admin from that Company (or a Super Admin) but can be used by any protected resource. This allows a Company to create company-specific permissions that can then be re-used by other Companies on the system.