From CKAN

CKAN ships with an administrative dashboard available at:

 /ckan-admin/

The dashboard allows you to:

• Create and remove sysadmins
• Edit general system level authorization
• Manage the 'trash' bin (i.e. datasets or revisions that have been marked as deleted)

Note: you can only visit the Administrative Dashboard if you are sysadmin.

You can create a sysadmin using the command line tool:

paster sysadmin -h

Authorization and Sysadmins

Authorization interface is at:

 /ckan-admin/authz

Authorization can be changed by editing the roles a user (or User Group) has on the "System". (You can also have these roles (and sometimes other roles added by ckan extensions) on other objects like an particular dataset).

In a basic ckan installation, there are four 'roles' which a user can have on an object

• admin (administrator)
• editor (Update action allowed)
• reader (Read action allowed)
• anon-editor

One example is that the visitor pseudo-user, which stands for anyone who's looking at the site, even if we don't know who they are, has read permission on the system. If we take this away then visitors won't be able to see anything except the login page, even the page which allows them to create an account, so they're locked out forever unless they already have a valid account.

With the authz page you'll be able to see all the users and authorization groups who have 'roles' on the 'System Object', and you'll be able to change those roles, and add roles to other users and groups of users.

To add or remove roles from users listed on the table, change the check boxes and press the Save button.

To delete a user from the table, just uncheck the boxes for all his roles, Save the changes and he'll disappear.

To add a user to the table, type his name or username into the box, and you should get autocompletion to help find his username, which is what you actually want there. Then select the roles you'd like him to have, and click the Add button to submit the form.

There are a similar table and form for Authorization Groups, which are groups of users who have similar permissions.

Make Someone a Sysadmin

Given the user the role 'admin'.

NB: Once a person is an system administrator, they can do ANYTHING on the system.

The Trash

When you delete datasets or revisions they go into the 'trash'. A sysadmin can then purge this material permanently (and irreversibly) by going to the trash page (/ckan-admin/trash') and selecting the purge option.