koala can be configured to use local and a remote authentication mechanisms. Local accounts are saved in the database with hashed and salted passwords. Remote accounts can be authorized with LDAP or Single Sign-On via OpenId Connect, see Configuration. To allow a remote account to access koala it is nevertheless required to manually create a local account and assign appropriate permissions, see Permissions.
Functional accounts with permission=api must be created as local accounts.
koala defines a set of permissions which restrict the access to different ui and api functions. Permissions are specified while creating or editing users via the ui.
The following permissions are available:
- admin - grants the ability to access all ui functions
- monitor - grants the ability to view the dashboard
- api - grants the ability to execute all api functions
- api_restricted - grants the ability to execute all api functions except deletion of assets and AIPs