Differences

This shows you the differences between two versions of the page.

--- damsym:roles_and_authentication [2026/01/15 16:22] – fincons
+++ damsym:roles_and_authentication [2026/02/12 12:13] (current) – [Authentication Procedure] fincons
@@ Line 4: / Line 4: @@
 The DaMSym system (WP4) adopts a controlled access model based on roles, which determines the rights and functionalities available to each user.
 Authentication is performed through the D4Science platform, which provides a secure and centralized infrastructure for identity management, using Keycloak as the SSO (Single Sign-On) provider.
 This integration allows ITSERR and RESILIENCE users to access all related tools (such as Ubiquity, DaMSym, Sanctuaria, etc.) using the same credentials, while maintaining consistent control over profiles and permissions.
@@ Line 12: / Line 14: @@
 The system defines four main user profiles, each with a specific set of functionalities and permissions.
 Each role determines the actions allowed within the interface, both for semantic search and for resource management and review.
 ^ Role ^ Description and Permissions ^
 | **Guest (unauthenticated user)** | Can freely access the homepage and use semantic search in all available languages. Has no access to restricted areas and cannot add or modify resources. |
-| **Researcher** | Authenticated user who, in addition to search functionalities, can add new resources (Add Resource), edit existing texts (Edit Texts), and update associated metadata. The Researcher also has access to a personal Dashboard for managing their submissions. |
+| **Researcher** | Authenticated user who, in addition to search functionalities, can add new resources (Add Resource), edit existing texts (Edit Texts), modify associated metadata (Edit Metadata), and add new metadata (Add Metadata). The Researcher also has access to a personal Dashboard for managing their submissions. From the Dashboard, the Researcher can access the **Corrections** section, where the list of modification requests related to submitted resources is available. |
-| **Reviewer** | Has the same functions as the Researcher, with the additional ability to evaluate search results through a feedback (rating) system accompanied by descriptive notes. Reviewers also access their personal Dashboard. |
+| **Reviewer** | Has the same functions as the Researcher, with the additional ability to evaluate search results through a feedback (rating) system accompanied by descriptive notes. Reviewers also access their personal Dashboard. From the Dashboard, the Reviewer can access the **Corrections** section to view the list of modification requests associated with evaluated resources. |
-| **WP Lead** | Supervisory and control role. In addition to all previous functions, the WP Lead can approve or reject resources submitted by other users, view all feedback, and export ratings provided by Reviewers. From the Dashboard, the WP Lead can also manage fonts dedicated to the Slavic language and access the Corrections section, which collects requests for modifications to texts and metadata submitted by Reviewers or Researchers. |
+| **WP Lead** | Supervisory and control role. In addition to all previous functions, the WP Lead can approve or reject resources submitted by other users, view all feedback, and export ratings provided by Reviewers. From the Dashboard, the WP Lead can also manage fonts dedicated to the Church Slavonic language and access the **Corrections** section, where modification requests related to texts and metadata submitted by Reviewers or Researchers are collected and managed. |
 ----
@@ Line 24: / Line 27: @@
 ===== Platform Access =====
 Access to the DaMSym portal is provided via a dedicated URL:
 🔗 https://damsym-itserr.d4science.org
 The homepage displays the “Login” button located in the upper-right area of the interface.
 By clicking it, the user is redirected to the authentication page managed by D4Science / Keycloak, where one of the following access methods can be selected:
   * **D4Science account** – login using personal credentials already registered on the platform;
   * **Federated institutional account** – login through an academic or university provider recognized by RESILIENCE;
-  * **Other enabled Identity Providers** – external login through compatible federated systems (e.g. partner institutions or accredited research centers).
+  * **Other enabled Identity Providers** – external login through compatible federated systems (e.g., partner institutions or accredited research centers).
+{{damsym:damsym_keycloak.png?700|Keycloak}}
 ----
@@ Line 45: / Line 50: @@
   * the user is redirected back to the homepage, now enriched with functionalities specific to their role.
-The system keeps the session active for the duration of navigation or until manual logout via the user menu. (Figure 1)
+The system keeps the session active for the duration of navigation or until manual logout via the user menu.
-Figure 1, Authentication
+{{damsym:damsym_user_menu.png?400|User Menu}}
 ----
 ===== User Menu =====
-After authentication, the user profile icon appears in the upper-right corner of the screen (Figure 2), opening a dropdown menu containing the following entries:
+After authentication, the user profile icon appears in the upper-right corner of the screen, opening a dropdown menu containing the following entries:
   * **Dashboard** → access to the personal section for managing resources and feedback;
   * **Logout** → system logout and termination of the current session.
+For users with the role of Researcher and Reviewer, the Dashboard presents a simplified view.
+Specifically, these users can access only the following sections:
+  * **Dashboard** – overview of personal resources and associated feedback;
+  * **Corrections** – section dedicated to managing modification requests related to texts and metadata.
 For WP Lead users, the Dashboard includes the following sections, displayed in order:
   * **Dashboard** – general overview of resources and feedback;
-  * **Corrections** – section dedicated to managing requests for corrections of texts and metadata;
+  * **Corrections** – section dedicated to managing modification requests related to texts and metadata;
-  * **Add Fonts** – section for managing and adding fonts specific to the Slavic language;
+  * **Add Fonts** – section for managing and adding fonts specific to the Church Slavonic language;
   * **Ratings Export** – functionality dedicated to exporting feedback (ratings) provided by Reviewers.
-Figure 2, User Menu
 ----
@@ Line 71: / Line 79: @@
 ===== Session Timeout and Security =====
-For security reasons, the system implements a session timeout mechanism:
+For security reasons, the system implements a session timeout mechanism.
-in case of prolonged inactivity, the user is automatically logged out and redirected to the login page.
+In case of prolonged inactivity, the user is automatically logged out and redirected to the login page.
 Authentication is entirely managed by D4Science / Keycloak, ensuring compliance with European data protection standards (GDPR) and with OAuth2 and OpenID Connect security protocols.
-All credential exchanges are encrypted (HTTPS/TLS).
+All credential exchanges occur in encrypted form (HTTPS/TLS).
 ----
@@ Line 85: / Line 95: @@
 | Add resources | ❌ | ✔️ |
 | Edit texts / metadata | ❌ | ✔️ |
-| Feedback submission | ❌ | Reviewer; WP Lead (view only) |
+| Feedback submission | ❌ | Reviewer (submission); WP Lead (view only) |
 | Dashboard access | ❌ | ✔️ |
 | Rating export | ❌ | WP Lead only |
@@ Line 94: / Line 104: @@
 Logout is performed by selecting the “Logout” entry from the user menu.
-At the end of the session, the user is redirected to the public homepage, temporarily losing access to all restricted functionalities.
+At the end of the session, the user is redirected to the public homepage in guest mode, temporarily losing access to all restricted functionalities.
+----