Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • A site can set managers on an admin set, which grants them :manage access to that admin set. This creates the solr edit access and Fedora AccessControl entries as well, same as for other collections.

  • Admin set managers are given edit_access to a work at the time it is creating within the admin set.

  • Access to a work is granted when the work is created. Changes to managers after a work is created do not change the access grants of any existing works. Work access grants can be updated in the work edit form to remove/add access for any group/user including those set by the collection. See also Setting groups vs. users as participants.

Depositor

Depositors of a collection can view the collection’s admin show page and add works even if the visibility permissions of the collection otherwise would not permit them to view it. If the collection type allows nesting of collections, the manager can also add parent collections and subcollections.

...

Viewers of a collection can add to and remove works from the collection, modify collection metadata, and delete the collection. If configured to set work permissions, the viewers are given ‘read_access’ to any work created directly in the collection. See Configuring collection sharing for more information.

Default: assigned only, no defaults

...

  • When a viewer is added

    • an entry is added to the database via Hyrax::PermissionTemplateAccess granting the user/group :viewaccess

    • read_access_group_ssim or read_access_person_ssim is set in the solr document

    • a Hydra::AccessControls::Permission is added in Fedora

  • When a viewer is removed

    • the entry added by Hyrax::PermissionTemplateAccess is removed from the database for this viewer

    • read_access_group_ssim or read_access_person_ssim is updated to remove the group/user id from the solr document

    • the Hydra::AccessControls::Permission is removed from Fedora

  • When the create new work actor stack is run, if this is the only collection assigned, then the work is considered to be created directly in the collection. When a work is created directly in a collection AND the collection type is configured to apply permissions to new works

    • each viewer is granted read_access to the new work

Panel
panelIconIdatlassian-info
panelIcon:info:
bgColor#B3D4FF

A work is considered to be created directly in a collection when the work is first created, if-and-only-if, there is one collection assigned to the work when the work is saved for the first time.

...

Note

Access to a work is granted when the work is created. Changes to viewers after a work is created do not change the access grants of any existing works. Work access grants can be updated in the work edit form to remove/add access for any group/user including those set by the collection. See also Setting groups vs. users as participants.

Setting groups vs. users as participants

...