Users
After the root zone is created, each subsequent zone is created by associating a new or existing Zone User, identified by an SSO ID, with it (TODO: see YOUnite and SSO Providers). If this is the first zone created by a given SSO ID, two YOUnite users are created:
- Zone admin: This user has zone admin privileges and is tied to the SSO ID of the user that created the zone
- Data Steward
If the same user creates subsequent zones, a new YOUnite user is not created; instead, the SSO ID is associated with the newly created zone.
Each zone can have multiple users and each user must be tied to an SSO ID.
The following is needed to create a zone:
- An OAuth bearer token returned from the YOUnite OAuth service (see the Authorization header)
- The parent zone's UUID (see parentZoneUuid in the request body)
- The SSO ID of the user designated as the zone admin (see zoneAdminSsoId in the request body)
For example:
POST /zones
Headers:
Content-Type: application/json
Authorization: Bearer bearer-token
Body:
{
  "name": "College District",
  "description": "The College District Zone for the West, Central and East Colleges",
  "parentZoneUuid": "6c5a754b-6ce0-4871-8dec-d39e255eccc3",
  "zoneAdminSsoId": "admin@college_district.edu"
}
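The following is an added example, not part of the YOUnite documentation or code: a client-side pre-flight check that enforces the three prerequisites listed above before a POST /zones request is built. The base URL and the function name are assumptions; the request is constructed but never sent.

```python
import json
import urllib.request
import uuid

# Assumption: placeholder base URL; substitute your deployment's API endpoint.
BASE_URL = "https://younite.example.invalid/api"


def build_create_zone_request(token, name, description, parent_zone_uuid, zone_admin_sso_id):
    """Validate the three prerequisites and return an unsent POST /zones request."""
    # Bearer token: must be present and free of whitespace and control
    # characters, so it cannot add or split header lines.
    if not token or any(c.isspace() or ord(c) < 0x20 for c in token):
        raise ValueError("bearer token is missing or contains whitespace")
    # Parent zone: must parse as a UUID; normalise to the canonical form.
    try:
        parent = str(uuid.UUID(parent_zone_uuid))
    except (ValueError, AttributeError, TypeError):
        raise ValueError("parentZoneUuid is not a valid UUID") from None
    # Zone admin: a zone cannot be created without an associated SSO ID.
    if not zone_admin_sso_id or not zone_admin_sso_id.strip():
        raise ValueError("zoneAdminSsoId is required")
    body = {
        "name": name,
        "description": description,
        "parentZoneUuid": parent,
        "zoneAdminSsoId": zone_admin_sso_id.strip(),
    }
    return urllib.request.Request(
        BASE_URL + "/zones",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
    )


if __name__ == "__main__":
    # Constructed sample values matching the request shown on this page.
    req = build_create_zone_request(
        "constructed-token", "College District",
        "The College District Zone for the West, Central and East Colleges",
        "6c5a754b-6ce0-4871-8dec-d39e255eccc3", "admin@college_district.edu")
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```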
There are two distinct zone responsibilities:
- General Zone Management: The primary zone management user is the zone admin, but other users can be created with a subset of permissions.
- Master Data Stewardship: The user responsible for the domains, data and data governance.
The zone admin . Zone Users can be systems that publish and/or subscribe to data to be shared through MDM, or they can be roles performed by either a Zone Administrator or a Zone Data Steward.
- A zone cannot be created without the associated SSO ID.
- The first Zone User associated with a zone becomes the zone's Zone Admin. The Zone Admin has full administrative privileges for the zone.
The first zone an organization associates with an SSO ID also has a YOUnite User (User) created and tied to that SSO ID.
For example, imagine that an IT Admin, Senor Jefe, was associated with the College District zone in the example above. Senor Jefe's SSO ID is senor_jefe@college_district.edu. He is the Zone Admin for the College District zone. Senor Jefe creates the "Central College" zone and assigns IT Admin Cece Jones's SSO ID to it. Cece Jones is the Zone Admin for the "Central College" zone and also has a new YOUnite User (cece@college_district.edu) created that is associated with the "Central College" zone.
If two more zones are created and Cece's SSO ID is associated with them, her same YOUnite User name is used for all associated zones. If Cece's SSO ID is associated with the other two college zones in the example above, her one YOUnite User (with SSO ID cece@college_district.edu) is associated with all three zones.
YOUnite User permissions are specific to the zone they are logged into and may be different from one zone to another. This is accomplished using permissions, roles, and groups.