The Project Management (PM) cell has two basic functions:
In addition to the above functions, it also stores various (possibly personalized) parameters associated with the services.
User access is determined by a user's "role", which is a variable that defines the actions that a user may perform within the HIVE. The role indicates whether or not a user has access to a particular service and how much data to return. The default role is USER and there are other roles, such as MANAGER, ADMINISTRATOR, and PROTECTED_ACCESS, each with its own set of privileges regarding what data can be viewed. An individual i2b2 user may have one or more roles.
The HIVE itself is defined by the PM service. The name of the HIVE is defined in the DOMAIN variable. A client that has the root location of the PM services, as well as the access method (REST / SOAP) for those services, can obtain the structure of the HIVE through them.
When a person logs in to the i2b2 Workbench, a login screen requires the username, password and target location to be entered (the target location is also called the domain name or simply the domain). A request message is then sent to the PM cell. Each cell contains a mapping of domain names to URLs, which provide the address of the service in the PM that will authenticate the user. If the domain is not recognized by a cell (it does not exist in the predefined lookup table), or the user does not have access to the domain, then the person is not authenticated to use that specific cell. If the domain exists and the user has access, then authentication occurs. In effect, the mapping of domain names to URLs provides the security of the authentication process when using each cell of the HIVE, because the domain name must be "registered" with each cell, together with the address of a HIVE's PM cell, and then referenced before proceeding. The PM cell returns the user's roles for a project to determine their permissions and privileges in each HIVE cell.
The message used by the PM cell for authentication and authorization is getUserConfiguration.
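The domain lookup described above can be sketched as follows. This is an added example, not i2b2 code: the names `REGISTERED_DOMAINS`, `Login`, `authenticate`, `authorize` and `fake_pm`, the URL, and the sample user are all constructed assumptions, and the PM call is replaced by a local stand-in so the block runs offline.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Mapping

# Constructed lookup table held by a cell: domain name -> address of that HIVE's PM cell.
REGISTERED_DOMAINS: Mapping[str, str] = {
    "demo_hive": "https://pm.example.org/pm/getUserConfiguration",  # placeholder URL
}

class NotAuthenticated(Exception):
    """Raised when the cell refuses to treat the caller as authenticated."""

@dataclass(frozen=True)
class Login:
    domain: str
    username: str
    password: str

# A PM client takes (pm_url, login, project) and returns the user's roles for
# that project, or an empty set when the PM cell rejects the request.
PMClient = Callable[[str, Login, str], FrozenSet[str]]

def authenticate(login: Login, project: str, pm_client: PMClient,
                 registry: Mapping[str, str] = REGISTERED_DOMAINS) -> FrozenSet[str]:
    # The PM address comes only from the cell's own table, never from the
    # request, so a client cannot point the cell at a PM service of its choosing.
    pm_url = registry.get(login.domain)
    if pm_url is None:
        raise NotAuthenticated(f"domain {login.domain!r} is not registered with this cell")
    roles = pm_client(pm_url, login, project)
    if not roles:
        raise NotAuthenticated("PM cell did not grant access for this domain/project")
    return roles

def authorize(roles: FrozenSet[str], required_role: str) -> bool:
    # Hypothetical per-service check: the service names the role it requires.
    return required_role in roles

# Constructed stand-in for the PM cell's answer to getUserConfiguration.
def fake_pm(pm_url: str, login: Login, project: str) -> FrozenSet[str]:
    users = {("alice", "s3cret", "study1"): frozenset({"USER", "MANAGER"})}
    if pm_url != REGISTERED_DOMAINS["demo_hive"]:
        return frozenset()
    return users.get((login.username, login.password, project), frozenset())
```

An unregistered domain fails before any PM address is contacted, which is the property the lookup table is there to enforce.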