| blob | eb083f750127e260f2be3f737564940a06b33d69 |
1 User specification
2 ==================
4 Source: Webové služby rozhraní ISDS pro správu datových schránkek,
5 version 2.19 (2011-05-05)
6 Source: Webové služby rozhraní ISDS pro manipulaci s datovými zprávami,
7 version 2.28 (2012-07-27), pages 6–7
10 User types
11 ==========
13 Symbol Description
14 --------------------------------------------------------------------------
15 PRIMARY_USER User who owns the box (FO and PFO type boxes have one
16 owner, OVM box one or none owners, PO box any number)
17 ENTRUSTED_USER User with limited access to the box. Such user is
18 delegated by primary user or administrator for the
19 purpose of message reading or sending.
20 ADMINISTRATOR User who can add/remove/update other users to a box, but
21 who is not a owner of the box.
22 OFFICIAL
23 OFFICIAL_CERT
24 LIQUIDATOR Liquidator of a commercial organisation. Effectively
25 equivalent to PRIMARY_USER.
28 User authorizations
29 ===================
31 Each user has set of permissions to operate on given box.
33 Symbol Num Description
34 --------------------------------------------------------------------------
35 PRIVIL_READ_NON_PERSONAL 1 Permission to read incoming messages
36 PRIVIL_READ_ALL 2 Permission to read messages addresses only to
37 concrete person
38 PRIVIL_CREATE_DM 4 Permission to sent mesages, to download outgoing
39 messages
40 PRIVIL_VIEW_INFO 8 Permission to download list of messages, to
41 download data about delivery (`Dodejka') and
42 acceptance (`Doručenka')
43 PRIVIL_SEARCH_DB 16 Permission to search boxes
44 PRIVIL_OWNER_ADM 32 Permission to maintane a box (add users etc.)
45 PRIVIL_READ_VAULT 64 Permission to read messages from long term
46 storage (does not exists since 2012-05)
47 PRIVIL_ERASE_VAULT 128 Permission to delete messages from long term
48 storage
50 User type ADMINSTRATOR has implicit non-revokable permission PRIVIL_OWNER_ADM.
51 Administrator can add other permissions to anybody, even to himself.
53 User type PRIMARY_USER has implicit (non-revokable?) permissions 1–32.
55 In addition, internal users can have following permissions (to manage
56 (= create, update) boxes or request for box updates):
58 Symbol Num Description
59 -------------------------------------------------------------------------
60 PRIVIL_OR 256 Manage PO type boxes
61 PRIVIL_INSSPR 512 Manage PFO_INSSPR type boxes
62 PRIVIL_NOTAR 1024 Manage OVM_NOTAR type boxes
63 PRIVIL_EXEKUT 2048 Manage OVM_EXEK type boxes
64 PRIVIL_ADVOK 4096 Manage PFO_ADVOK type boxes
65 PRIVIL_DANPOR 8192 Manage PFO_DANPOR type boxes
66 PRIVIL_PFO 16384 Manage PFO* type boxes
67 PRIVIL_OVMPOZAK 65536 Manage OVM, PO_ZAK and OVM_REQ type boxes
68 PRIVIL_VAZBA 131072 Report imprisoning of a person etc.
69 PRIVIL_MV 32768 Ministery of interiors officer
70 who processes request (Service module)
71 PRIVIL_CZP 262144 Czech POINT officer who processes requests
72 (only for FO, PFO, PO_REQ box types)
73 PRIVIL_ADMADM 1048576 Manage internal users
74 PRIVIL_AD_DELIV 2097152 Store timestamp about credentials delivery
75 by off-line chanel
76 PRIVIL_ACTIVATE 8388608 Activate credentials on-line
77 PRIVIL_POST 524288 Access to help desk IS of Czech POST
78 PRIVIL_VAULT 33554432 Manage long term storage and commercial
79 message switcher
80 PRIVIL_BILLING 67108864 Access to billing data
81 PRIVIL_CONFIG 4194304 Low level configuration allowed (see
82 `Administrator manual for ISDS application
83 server' for more details)
84 PRIVIL_SUPERVISOR 16777216 Permission to start and stop application