ESciDoc Access Rights
Work in progress
- based on meeting NBU, UTS, MFR
Related discussion
see ESciDoc Institutional Visibility Discussion
Retrieval of items and components
- Rule of thumb: a component cannot be retrieved only if the user has no privilege to view its enclosing item
Description of the roles/groups in the access component rules table
- Depositor - user who can create items in the repository and manage items (including components and their content) she created in accordance with the overall workflow rules.
- DataAdmin - user who has the possibility to create items and manage items (including components and their content) independently from their ownership and in accordance with the overall workflow rules.
- QARole - placeholder for roles in the system that are responsible for the quality assurance of the data e.g. Metadata editor, Moderator, Authority, Rights checking.
- Collaborator - placeholder for user-groups in the system that can access the content under specified conditions of item and version statuses.
- Audience - general placeholder for roles / groups in the system
- Internal - access level is allowed for above mentioned roles of Depositor, DataAdmin, QARole
- Public - no access level restriction
- Group - Groups of users (account users, unregistered users) that can be authorized via a single criterion or a combination of:
  - List of organizational units (or IP address of the OU)
  - List of account users
  - Key/Certificate based (unregistered user)
- Audience and Collaborator groups differ by their access rights during the Item workflow.
General access level
Access component rules table
Item status | Who may access | Where is access level defined | Check for access level |
---|---|---|---|
pending | Depositor (only if owner), DataAdmin | Context | No |
pending | Collaborator | Component (thus item implicitly) | No |
submitted, in-revision | Depositor (if owner), DataAdmin, QARole | Context | No |
submitted | Collaborator | Component (thus item implicitly) | No |
released | Depositor (if owner), DataAdmin, QARole | Context | No |
released | Collaborator | Component (thus item implicitly) | No |
released | Audience | Component (thus item implicitly) | Yes => Access level can be Public XOR Internal* XOR Group* |
withdrawn | Depositor (if owner), DataAdmin, QARole | Context | Any |
Example
- Item A is created by Depositor D in context C and consists of:
  - Component C1
  - Component C2
Case 1
- Depositor D gives Internal access for Component C2 and Public access for Component C1
- Depositor D additionally gives access to Collaborator User U, Collaborator Person P and Collaborator Department DEP for Component C2
  - Collaborator User U - is an account user and is known to the system via his/her user account
  - Collaborator Person P - is a system visitor who received a security "Key" from Depositor D with which s/he can access the Component C2
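The rules table applied to Case 1, as an added example that is not eSciDoc code. The names `may_access`, `User` and `Component`, and the principals E (a second depositor) and V (an anonymous visitor), are hypothetical. Assumptions: collaborators are matched by principal name (key and organizational-unit resolution is left out), Internal admits any holder of the Depositor, DataAdmin or QARole role, and withdrawn items follow only the "Who may access" column.

```python
from dataclasses import dataclass, field

# "Context" rows of the table: roles granted per item status, no access level check.
CONTEXT_ROLES = {
    "pending": {"Depositor", "DataAdmin"},
    "submitted": {"Depositor", "DataAdmin", "QARole"},
    "in-revision": {"Depositor", "DataAdmin", "QARole"},
    "released": {"Depositor", "DataAdmin", "QARole"},
    "withdrawn": {"Depositor", "DataAdmin", "QARole"},
}
COLLABORATOR_STATUSES = {"pending", "submitted", "released"}  # table has no in-revision row
INTERNAL_ROLES = {"Depositor", "DataAdmin", "QARole"}         # assumed reading of "Internal"

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

@dataclass
class Component:
    access_level: str                                # Public | Internal | Group
    collaborators: set = field(default_factory=set)  # principals named on the component
    group: set = field(default_factory=set)          # members when access_level == "Group"

def may_access(user, status, owner, comp):
    """Return True if `user` may retrieve `comp` of an item in `status`."""
    granted = user.roles & CONTEXT_ROLES.get(status, set())
    # Depositor counts only for the item's owner; DataAdmin and QARole ignore ownership.
    if granted - {"Depositor"} or ("Depositor" in granted and user.name == owner):
        return True
    if status in COLLABORATOR_STATUSES and user.name in comp.collaborators:
        return True
    if status != "released":        # the Audience row exists only for released items
        return False
    if comp.access_level == "Public":
        return True
    if comp.access_level == "Internal":
        return bool(user.roles & INTERNAL_ROLES)
    if comp.access_level == "Group":
        return user.name in comp.group
    return False                    # unknown access level: deny by default

# Case 1, constructed: C1 is Public, C2 is Internal with collaborators U, P and DEP.
C1 = Component("Public")
C2 = Component("Internal", collaborators={"U", "P", "DEP"})
D, E = User("D", {"Depositor"}), User("E", {"Depositor"})
U, V = User("U"), User("V")
```

Under these assumptions a Public component stays closed to visitors until the item is released, and a non-owner depositor reaches C2 only through the Audience row once the item is released.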