Type of Users in HAT


#1

Hi!

In the user_user table, and in the hatdex.hat.api.endpoints.UsersSpec, I gather the following type of users

  1. Owner

  2. Platform

  3. Normal Users - e.g. dataCredit, dataDebit

Questions:
a. What is the definition of a Platform user and what are its rights?
b. Is there a full list of User Types? Or we can put anything in.

Terry


#2

Hi @Terry_Lee,

Thank you for your question.

You can find descriptions (and technical examples) of the HAT Account Roles here: http://hub-of-all-things.github.io/doc/#user-management.

So there are 4 Account roles defined within the HAT:

  • Owner - a User who has access to everything within the HAT and who owns it
  • Direct Data Credit can create/record data, but cannot read it Raw Data, unless accessit it via a user-approved Direct Debit
  • Direct Data Debit can read the Data that Owner enabled for sharing and exchange through Direct Data Debits
  • Platform, that manages Data Credit and Debit accounts, e.g. creates then when an application developer wants an account on a user’s HAT

You can create a new User (http://hub-of-all-things.github.io/doc/?http#direct-credit-and-debit-accounts) that has a role defined as dataDebit or dataCredit.

The special Owner and Platform accounts can only be created at the time of creating a HAT and can not be added/replaced/disabled later.

Hope this answers your question :slight_smile:


#3

hey @snaiste,

does/should the “Platform” user have the rights of the “dataDebit” and “dataCredit” user?

Regards,

Terry


#4

Hi @Terry_Lee,

In the current implementation (once again, merely a strawman implementation!), the way permissions are handled is:

  • “platform” user can create new Data Credit and Data Debit accounts
  • every account can post data into the HAT (i.e. Data Credit is not enforced)
  • every account that has requested a data debit (and has had it approved) can access that specific data debit
  • “owner” can access everything

For the future, perhaps it is best to assume that a Data Debit has a superset of rights of a Data Credit, and Platform still merely has access to managing those users as well as have Data Debit rights to avoid the need for creating many users. It depends, however, on how HAT Platform Providers want to manage other applications and what role they want to play in the app market; potentially the Platform account will go away altogether.


#5

Platform still merely has access to managing those users as well as have Data Debit rights to avoid the need for creating many users.

Do you actually mean Data Credit? (instead of data Debit?)

For the future, perhaps it is best to assume that a Data Debit has a superset of rights of a Data Credit

My current assumption is for DataDebit and DataCredit users to be independent and have no influence on each other.