Introduction

IAM is the EBRAINS Identification and Authentication Management service which is delivered by the Collaboratory and manages user identification and permission management for all EBRAINS services. Users can be grouped into units, groups and collab teams for simpler management.

The IAM service is also what you need to look at when you want to create your own service or community app as this is where you will need to receive tokens for your OIDC clients. 

Collabs are private or public. The wiki pages of public collabs are viewable by anyone on the internet. For files in the Drive of a public collab to be readable by anyone, the files (or folders) must be referenced via a public link in a wiki page.

The Team app is one of the few non-wiki pages that appears in the collab’s navigation panel in the left margin. The admins of the collab can add/remove users from the Admin, Editor and Viewer roles of that collab. A user has one of these 3 roles throughout that whole collab; there are no finer-grain permissions per folder in the Drive or per wiki page.

Roles in a collab’s Team can also be attributed to all the users in a Unit or in a Group. Units are managed by more formal policies than Groups, e.g. to indicate HBP user accreditation or to indicate the institution a user belongs to. Groups are more flexible in nature.