Need to decide, user entitlements

[TomasKulhanek]

User logged via West-Life SSO is identified by eppn (unique username), full name and it's entitlements (groups which belongs to) e.g. ARIA, West-Life, ...

We need to decide:

• make flexible, allow predefined entitlements and User-profile mapping
• whether distinguish user access - ARIA, West-Life can have additional access to institutional repositories,
• user's who logged using their e.g. 1) library account or google account and 2)are not recognized as members of any community - any hacker, anonymous user - won't have any access to Repository

Implications:

• new table for mapping entitlements or eppn and 'USER', 'ADMIN', 'DBA' profiles

[TomasKulhanek]

Currently:

• new user is created with 'USER' user_profile, name email filled in from West-Life SSO headers obtained

[TomasKulhanek]

left it to 'USER'