| blob | 6e754f9372e2b4112f7660a4028aba42e438dc4b |
1 User specification
2 ==================
4 Source: Webové služby rozhraní ISDS pro správu datových schránkek,
5 version 2.19 (2011-05-05)
6 Source: Webové služby rozhraní ISDS pro manipulaci s datovými zprávami,
7 version 2.28 (2012-07-27), pages 6–7
8 Source: Webové služby rozhraní ISDS pro správu datových schránek
9 version 2.56 (2017-02-20)
12 User types
13 ==========
15 Symbol Description
16 --------------------------------------------------------------------------
17 PRIMARY_USER User who owns the box (FO and PFO type boxes have one
18 owner, OVM box one or none owners, PO box any number)
19 ENTRUSTED_USER User with limited access to the box. Such user is
20 delegated by primary user or administrator for the
21 purpose of message reading or sending.
22 ADMINISTRATOR User who can add/remove/update other users to a box, but
23 who is not a owner of the box.
24 OFFICIAL
25 OFFICIAL_CERT
26 LIQUIDATOR Liquidator of a commercial organisation. Effectively
27 equivalent to PRIMARY_USER.
28 RECEIVER Receiver of a commercial organisation. Effectively
29 equivalent to PRIMARY_USER.
30 GUARDIAN A person who has the authority to care for the personal
31 and property interest of another person. Effectively
32 equivalent to PRIMARY_USER.
35 User authorizations
36 ===================
38 Each user has set of permissions to operate on given box.
40 Symbol Num Description
41 --------------------------------------------------------------------------
42 PRIVIL_READ_NON_PERSONAL 1 Permission to read incoming messages
43 PRIVIL_READ_ALL 2 Permission to read messages addresses only to
44 concrete person
45 PRIVIL_CREATE_DM 4 Permission to sent mesages, to download outgoing
46 messages
47 PRIVIL_VIEW_INFO 8 Permission to download list of messages, to
48 download data about delivery (`Dodejka') and
49 acceptance (`Doručenka')
50 PRIVIL_SEARCH_DB 16 Permission to search boxes
51 PRIVIL_OWNER_ADM 32 Permission to maintane a box (add users etc.)
52 PRIVIL_READ_VAULT 64 Permission to read messages from long term
53 storage (does not exists since 2012-05)
54 PRIVIL_ERASE_VAULT 128 Permission to delete messages from long term
55 storage
57 User type ADMINSTRATOR has implicit non-revokable permission PRIVIL_OWNER_ADM.
58 Administrator can add other permissions to anybody, even to himself.
60 User type PRIMARY_USER has implicit (non-revokable?) permissions 1–32.
62 In addition, internal users can have following permissions (to manage
63 (= create, update) boxes or request for box updates):
65 Symbol Num Description
66 -------------------------------------------------------------------------
67 PRIVIL_OR 256 Manage PO type boxes
68 PRIVIL_INSSPR 512 Manage PFO_INSSPR type boxes
69 PRIVIL_NOTAR 1024 Manage OVM_NOTAR type boxes
70 PRIVIL_EXEKUT 2048 Manage OVM_EXEK type boxes
71 PRIVIL_ADVOK 4096 Manage PFO_ADVOK type boxes
72 PRIVIL_DANPOR 8192 Manage PFO_DANPOR type boxes
73 PRIVIL_AUDITOR 1073741824 Manage PFO_AUDITOR type boxes
74 PRIVIL_PFO 16384 Manage PFO* type boxes
75 PRIVIL_OVMPOZAK 65536 Manage OVM, PO_ZAK and OVM_REQ type boxes
76 PRIVIL_VAZBA 131072 Report imprisoning of a person etc.
77 PRIVIL_MV 32768 Ministery of interiors officer
78 who processes request (Service module)
79 PRIVIL_CZP 262144 Czech POINT officer who processes requests
80 (only for FO, PFO, PO_REQ box types)
81 PRIVIL_ADMADM 1048576 Manage internal users
82 PRIVIL_AD_DELIV 2097152 Store timestamp about credentials delivery
83 by off-line chanel
84 PRIVIL_ACTIVATE 8388608 Activate credentials on-line
85 PRIVIL_POST 524288 Access to help desk IS of Czech POST
86 PRIVIL_VAULT 33554432 Manage long term storage and commercial
87 message switcher
88 PRIVIL_BILLING 67108864 Access to billing data
89 PRIVIL_CONFIG 4194304 Low level configuration allowed (see
90 `Administrator manual for ISDS application
91 server' for more details)
92 PRIVIL_SUPERVISOR 16777216 Permission to start and stop application