@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
@title User Guide: Account Roles
@group userguide

Describes account roles like "Administrator", "Disabled", "Bot" and "Mailing
List".


Overview
========

When you create a user account, you can set roles like "Administrator",
"Disabled", "Bot" and "Mailing List". This document explains what these roles
mean.


Administrators
==============

**Administrators** are normal users with a few extra capabilities. Their
primary role is to keep things running smoothly, and they are not all-powerful.
In Phorge, administrators are more like //janitors//.

Administrators can create, delete, enable, disable, and approve user accounts.
Various applications have a few other capabilities which are reserved for
administrators by default, but these can be changed to provide access to more
or fewer users.

Administrators are **not** in complete control of the system. Administrators
**can not** log in as other users or act on behalf of other users. They can not
destroy data or make changes without leaving an audit trail. Administrators also
can not bypass object privacy policies.

Limiting the power of administrators means that administrators can't abuse
their power (they have very little power to abuse), a malicious administrator
can't do much damage, and an attacker who compromises an administrator account
is limited in what they can accomplish.


Bot Accounts
============

**Bot** ("Robot") accounts are accounts for bots and scripts which need to
interface with the system, but are not regular users. Generally, when you write
scripts that use the Conduit API, you should create a bot account for them.

The **Bot** role for an account can not be changed after the account is
created. This prevents administrators from changing a normal user into a bot,
retrieving their Conduit certificate, and then changing them back (which
would allow administrators to gain other users' credentials).

**Bot** accounts differ from normal accounts in that:

  - they can not log in to the web UI;
  - administrators can access them, edit settings, and retrieve credentials;
  - they do not receive email;
  - they appear with lower precedence in the UI when selecting users, with
    a "Bot" note (because it usually does not make sense to, for example,
    assign a task to a bot).


Mailing Lists
=============

**Mailing List** accounts let you represent an existing external mailing list
(like a Google Group or a Mailman list) as a user. You can subscribe this user
to objects (like tasks) to send them mail.

Because these accounts are also user accounts, they can be added to projects
and affected by policies. The list won't receive mail about anything the
underlying user account can't see.

The **Mailing List** role for an account can not be changed after the account
is created.

Some options can be configured for mailing lists by browsing to the list user's
profile and clicking {nav Edit Settings}. You can change the address for a
list by editing "Email Addresses" here, choose the language and format for
email the list receives, and customize which actions the list is notified about.

**Mailing List** accounts differ from normal accounts in that:

  - they can not log in;
  - they can not access the Conduit API;
  - administrators can access them and edit settings; and
  - they appear with lower precedence in the UI when selecting users, with
    a "Mailing List" note.


Disabled User Accounts
======================

**Disabled Accounts** are accounts that are no longer active. Generally, when
someone leaves a project (e.g., leaves your company, or their internship or
contract ends) you should disable their account to terminate their access to
the system. Disabled user accounts:

  - can not log in;
  - can not access the Conduit API;
  - do not receive email; and
  - appear with lower precedence in the UI when selecting users, with a
    "Disabled" note (because it usually does not make sense to, for example,
    assign a task to a disabled user account).

While users can also be deleted, it is strongly recommended that you disable
them instead, particularly if they interacted with any objects in the system.
If you delete a user entirely, you won't be able to find things they used to
own or restore their data later if they rejoin the project.
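
The offboarding advice above can be checked with a short script. This is an added example, not part of the Phorge documentation or code. It assumes each record is shaped like a Conduit `user.search` result with the account's roles under `fields.roles`; the sample users, the departed list and the function name are constructed for illustration.

```python
# Added example: offboarding audit over Conduit-style user records.
# Assumption: every record mirrors a `user.search` result and lists the
# account's roles ("admin", "disabled", "bot", "list", ...) in fields.roles.
# SAMPLE_USERS and DEPARTED are constructed data, not output of a real install.

SAMPLE_USERS = [
    {"fields": {"username": "alice", "roles": ["admin", "approved", "activated"]}},
    {"fields": {"username": "bob", "roles": ["approved", "activated"]}},
    {"fields": {"username": "carol", "roles": ["disabled", "approved"]}},
    {"fields": {"username": "ci-bot", "roles": ["bot", "approved", "activated"]}},
    {"fields": {"username": "dev-list", "roles": ["list", "approved", "activated"]}},
]
DEPARTED = {"bob", "carol", "erin"}  # constructed list of people who have left


def audit_offboarding(users, departed):
    """Sort departed people by the state of their account."""
    by_name = {u["fields"]["username"]: set(u["fields"]["roles"]) for u in users}
    report = {"still_active": [], "disabled": [], "no_account": []}
    for name in sorted(departed):
        roles = by_name.get(name)
        if roles is None:
            # Deleted (or never created): their objects can no longer be found.
            report["no_account"].append(name)
        elif "disabled" in roles:
            report["disabled"].append(name)
        else:
            # Can still log in and use the Conduit API: disable this account.
            report["still_active"].append(name)
    # Administrators that are still enabled, for review alongside the list.
    report["active_admins"] = sorted(
        name for name, roles in by_name.items()
        if "admin" in roles and "disabled" not in roles
    )
    return report


if __name__ == "__main__":
    for key, names in audit_offboarding(SAMPLE_USERS, DEPARTED).items():
        print(f"{key}: {', '.join(names) or '-'}")
```
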