Types, realms, roles, and permissions


Type is the broadest user designation within Sakai. Types can be administrative or non-administrative:

Note: Sites can also have types (e.g., course sites and project sites), which determine what default roles the site recognizes. For example, a course site might get the !site.template.course roles (i.e., those defined by the !site.template.course realm).

Each implementation can be tailored differently, with different roles assigned to users. Each of these roles has a different matrix of permitted abilities within the site.

Realms and roles

Realms are packages of security grants that determine roles for accounts within a site. The permissions enabled for roles can be unique to each site. The defaults are set in the worksite's default template (e.g., !site.template.course for a course site, or !site.template.project for a project site).

For non-administrative users, the ability to create sites is outside the scope of a particular worksite, and is determined by the type of account (as described above in the "Types" section). The account type determines which realm template the user has, and within the realm template is the control for ability to create sites, for example:

When "registered" users create worksites, they automatically become a member of the site, and have (by default) roles that enable full permissions. By specifying roles for new users, site creators have the ability to control how participants use and/or interact with tools in the worksite. The role can be one of the default roles ("maintain" and "access"), or it can be a role that the administrator has created with the Realm tool.

All users have the broadest permissions (i.e., the ability create, edit, and delete) in their respective My Workspace tabs.


In general, the default "maintain" role has full permission to create, edit, and delete within a worksite. The default "access" role has fewer permissions, and cannot create or delete content in every tool (i.e., by default, the "access" role cannot upload files into Resources, but it can create Chat messages and Discussion replies).

Roles that have worksite edit capabilities (e.g., ) can change the permissions for tools, determining how participants can use them.

For a detailed list, by tool, of the different permissions that can be granted or disallowed, see Permissions, roles, and tools.

For a more information about permissions, see the Sakaipedia's Permissions list at:


This is document arbp.
Last modified on November 18, 2005.