The basic building blocks (entities) of SURF Research Access Management are organisations, collaborations and groups:
- For every customer that wants to create collaborations in SRAM, upon ordering SRAM, SURF creates an 'organisation' (most of the time this represents an Institution).
- As soon as the organization is created, the administrator of the organization is able to create collaborations in SRAM (representing a research collaboration / project) and assign admins to that collaboration.
- The admin of a collaboration is able to connect research services to the collaboration and invite members (researchers that want to collaborate).
- The admin is able to create 'groups' of members of the collaboration.
When a user signs in to a research service through SRAM, SRAM releases information about the user, amongst which is what collaborations the user is member of, as well as the groups within the collaborations he is member of. The research service can use this information for for instance authorization decisions, for example 'everyone in group member only has read access, and people in the admin-group have write access', or everyone in group 'dataset A' can access dataset A.