Note on authorization

Currentely, we have
  • anonymous user
  • authenticated generic
  • authenticated user
  • authenticated usr lead
  • site admin
The naming was chosen strictly to have it sorted in alpha-order with increasing privilege. It was NOT the intent to have "site admin" administer basic layout of the site (should be reserved to the main admin).
BEWARE that some privileges should NOT be granted to ANY categories but site admins which should by themselves be restricted. Especially:
  • administer nodes allows to bypass all privileges since the node itself is accessible. This includes bypass of OG document access
The following users have site admin privs
  • testadmin
  • chajecki
See also Existing generic accounts.