Organizers
The platform supports having multiple administrator user accounts to help in managing the contest. The access and
permissions for these Organizer accounts can further be managed through a role-based access control (RBAC) system.
Once users are assigned a role, they get access to the admin panel and for performing various other actions/activities
on the platform based on their role.
Roles
Roles help organizing admins to delegate tasks and collaborate with others on the team. Organizing admins can create custom roles with specific permissions, and assign those roles to the organizing team members' user accounts.
- A user account can only have 1 role at a time.
- By default, a user account does not have any role.
- A user account without a role assigned to it is treated as a participant account, whereas when a role is assigned to an account it is treated as an organizer account.
Organizers with appropriate permissions can add, remove or change a role assigned to a user account at any time. When a normal user is assigned a role, he/she is no longer a contestant and any progress made so far shall be deleted. Similarly, when an organizer account is unassigned its role, it gets converted to an individual participant account.
In following circumstances, adding or removing roles shall not be permitted:
- Assigning role to a user who is the captain of a team participating in the CTF. Captaincy must be first transferred to another member before upgrading the account.
- Removing role of a user when individual participation mode is not enabled. Since the organizer account cannot be converted automatically to a participant account as it would need to have a team, this operation is not permitted. Either the account can be deleted, or individual participation mode needs to be enabled.
Supported Role Attributes
The access to following resources on the platform can be managed through roles:
| Resource / Attribute | Description |
|---|---|
Challenge | Access to create, edit, delete, publish, unpublish, and manage challenges. |
Notice | Access to create, edit, delete, and manage notices. |
Submissions | Access to view, edit, delete, and manage submissions. |
Analytics | Access to view analytics. |
Roles | Access to create, edit, delete, and manage roles. |
Users | Access to create, edit, delete, and manage users. |
Teams | Access to create, edit, delete, and manage teams. |
Settings | Access to view and edit settings. |
Logs | Access to view logs. |
Each of these resources can be assigned a permission level to the role, if required to be restricted.
However, by default, all resources, including those that are not listed above, are assigned the permission level
given to the Role as Default. Each role has a Default permission level, which is taken as the default permission
level for all resources that are not explicitly mentioned or set in the role.
Only set the permission level for a resource if you want to restrict the access to that resource. Otherwise, leave it
blank, and use the Default permission level to set a common permission level for the rest of the attributes.
For example, to create a role for a challenge author,
- Set default as
No Access - Set
ChallengeasEdit
With this configuration, the user will have access to create, and edit challenges, but will not have access to any other resource.
Similarly, to restrict access to only to a particular resource - say settings, you can try the following
- Set default as
VieworEdit - Set
SettingsasNo Access
With this configuration, the user will have access to view, create and edit all resources except settings.
Role Permission Levels
Each attribute of a role has a permission level associated with it. The permission levels are as follows:
| Permission Level | Description |
|---|---|
No Access | The user gets no access to the resource defined by the attribute |
View | The user can only view the resource defined by the attribute |
Edit | The user can view, create and edit the resource defined by the attribute |
Admin | The user can view, create, edit and delete the resource defined by the attribute |
Managing Roles
A organizer with appropriate permissions can create, delete and manage Roles on the platform. To do so, they can
navigate to the Manage Roles page (Manage > Roles or /admin/manage/roles). This page lists all the roles
created on the platform, and provides options to create, edit or delete a role.