ARK2 uses the Symfony Security component. ARK2 extends this component with its own User Provider and Role-Based Access Control to manage user rights within an ARK.
- User Authentication
- Local user database for stand-alone/internal use
- Distributed Via OAuth and OpenID authentication services (Google, Facebook, etc)
- User Authorisation
- Role-Based Access Control (RBAC) model based on Users/Roles/Permissions
HTTPS is required and is supported using LetsEncrypt to obtain SSL certificates.
The User account has the following possible statuses:
- Registered - The user has registered with the website but not yet verified their email (if required)
- Verified - The user has responded to the email verification but not yet been enabled by the admin (if required)
- Enabled - The user is enabled to use the website
- Disabled - The user has been disabled by the admin and cannot login or reset their account
- Locked - The user has failed the password check and must reset their password, or the admin has required them to reset their password
- Expired - The expiry date for the account has passed and must be extended by the admin
ARK User Levels are a renaming of Symfony Security module Roles to prevent confusion with ARK RBAC Roles:
- ROLE_SYSADMIN - System Admin - Admin rights for an ARK system install.
- ROLE_ADMIN - ARK Admin - Admin rights for an ARK instance.
- ROLE_USER - General user rights for any other role within an ARK instance.
- ROLE_ANON - Anonymous users.
- Permission - A specific right that may be granted to view data or perform an action within the system
- Actor - A persistent entity who can view data or perform actions within the system
- Role - A set of Permissions that can be assigned to an Actor
- User - A security account for logging into the system that can be linked to one or more Actors