What do the various realms in Sakai do?
Below is a listing of various realms in Sakai. This list is not an exhaustive one, since system administrators may edit existing realms or add new custom realms.
The Site Group feature introduced in Sakai 2.1 introduced group templates !group.template and !group.template.course. In order for Site Groups to work properly, these templates must have the same roles defined as those in the corresponding site templates !site.template and !site.template.course. So for Sakai OOTB, !group.template has the roles maintain and access, and !site.template.course has the roles Instructor, Student, and Teaching Assistant.
Editing a template realm affects all future sites. Editing a site’s realm affects the site only. It is sometimes desirable to add a permission to all existing sites. For example, a new tool is added with its set of permissions. It would be nice to add the new tool’s default permission settings to roles in all sites so that if an existing site wanted to add the new tool, permissions would be setup properly for the various roles. The !site.helper realm provides such a capability. The !site.helper realm can be used to assign permissions for a particular role in all sites.
A few other realms are delivered with Sakai out of the box. These have special uses as follows.
!group.template - Used to specify group related permissions for tools that are group aware for sites which do not have a corresponding !group.template.<sitetype> realm.
!group.template.course - Used to specify group related permissions for tools that are group aware for course sites (sites with a type value of ‘course’)
!pubview - Gives permissions to non-authenticated users who are viewing public content in a site. Public content includes Announcements, Resources, Syllabus items that have been specified as being public when they were created (or subsequently edited). Public content for a site can be viewed from the Site Browser tool on the Gateway page, before a user logs in. !pubview typically has read only permissions set so that unauthenticated users can see the public content but not add/change site content.
!site.helper - Can be used to grant permission to all sites, as a way of retroactively granting permissions when a new permission is added to the system.
!site.template - Realm template used for sites that do not have any type, or for which a corresponding !site.template.<sitetype> does not exist.
!site.template.course - Realm template for sites of type ‘course’.
!site.template.myworkspace - Not used.
!site.user - Provides permissions to the user in their My Workspaces. When a user first logs in, their My Workspace inherits this realm by default.
!user.template - User templates are a way of granting certain permissions to users within the scope of their My Workspace based on their account type. Currently, these templates are used to grant the ability to create new sites or not via the site.new permission. If the user template has site.new checked, then the ‘New’ action appears in the user’s Worksite Setup tool in their My Workspace. If the site.new permission is not checked, then the user cannot create new worksites since the New action will be missing from their Worksite Setup toolbar.
!user.template - Used for user account with no type, or accounts which have a type but for which there isn’t a corresponding !user.template.<accounttype> realm.
!user.template.guest - Used for user accounts of type ‘guest’.
!user.template.maintain - Used for user accounts of type ‘maintain’
!user.template.registered - Used for user accounts of type ‘registered’
!user.template.sample - Used for user accounts of type ‘sample’