| RUB Staff | Shibboleth (EduGain); OAuth (e.g. ORCID) | On first **successful login via Shibboleth**, automatically **create account in RDMS**, allocate basic access rights and storage quota). On attempt to login (via any method except Shibboleth), if account does not exist in RDMS then **ask user to apply for account**. An account needs to be provisioned for them to login. |
| RUB (not staff) | Shibboleth (EduGain); OAuth (e.g. ORCID) | On attempt to login (via any method), if account does not exist in RDMS then **ask user to apply for account**. An account needs to be provisioned for them to login. |
| External User | Shibboleth (EduGain); OAuth (e.g. ORCID) | On attempt to login (via any method), if account does not exist in RDMS then **ask user to apply for account**. An account needs to be provisioned for them to login. |
| Reviewer | Randomised, obfuscated & time-limited links | No account is provisioned in RDMS for this kind of user - they **only have limited, read-only access**. |
Once an account has been provisioned, and user has successfully authenticated, selected OAuth IDPs (including ORCID) can be configured by the user for subsequent authentication options.
## Authorisation
Authorisation will be controlled within the RDMS by allocating users to groups. This will be managed by RDMS users with the appropriate permissions, allowing for user-management to be distributed and delegated within the system.
A user's membership of a group will give them certain pre-defined privileges when interacting with collections & works which are related to that group.
RUB Staff will be automatically given certain authorisations when their account is provisioned.
## Longer-term maintenance of users' access, roles and permissions
A given user's level of access to collections and works within RDMS will depend, to a large degree, on their continued relationship with RUB and/or one of the CRCs. The RDMS will give "owners" of collections/works the opportunity to review who has access to these, and to revoke access as necessary.
