Astoria users and groups determine who can access the repository and perform actions on repository objects.
Administrators manage who can access the repository by creating user objects. A user object defines a system user, including contact information, and options defining how certain repository features are implemented for the user. Access controls can be granted to individual users.
Administrators can manage collections of users by creating group objects. A group object specifies which users are members of this group, as well as what other groups are members of this group. Using groups to grant access controls can greatly simplify this process and ensure consistent assignment of privileges. Administrators can also control the visibility of Astoria commands and administrative objects by group membership.
To simplify the administration of access controls, administrators can create role objects. A role object collects multiple capabilities into a single object. A role object can be attached to an object in the repository, and users or groups are associated with that role instance for that object. Additionally, roles are also used to identify users participating in workflow or job ticket activities.