...
A site can set managers on an admin set, which grants them :manage access to that admin set. This creates the solr edit access and Fedora AccessControl entries as well, same as for other collections.
Admin set managers are given edit_access to a work at the time it is created within the admin set.
Access to a work is granted when the work is created. Changes to managers after a work is created do not change the access grants of any existing works. Work access grants can be updated in the work edit form to remove/add access for any group/user including those set by the collection. See also Setting groups vs. users as participants.
Depositor
Depositors of a collection can view the collection’s admin show page and add works even if the visibility permissions of the collection otherwise would not permit them to view it. If the collection type allows nesting of collections, the manager can also add parent collections and subcollections.
...
Viewers of a collection can add to and remove works from the collection, modify collection metadata, and delete the collection. If configured to set work permissions, the viewers are given ‘read_access’ to any work created directly in the collection. See Configuring collection sharing for more information.
Default: assigned only, no defaults
...
When a viewer is added
- an entry is added to the database via Hyrax::PermissionTemplateAccess granting the user/group :view access
- read_access_group_ssim or read_access_person_ssim is set in the solr document
- a Hydra::AccessControls::Permission is added in Fedora
When a viewer is removed
- the entry added by Hyrax::PermissionTemplateAccess is removed from the database for this viewer
- read_access_group_ssim or read_access_person_ssim is updated to remove the group/user id from the solr document
- the Hydra::AccessControls::Permission is removed from Fedora
When the create new work actor stack is run, if this is the only collection assigned, then the work is considered to be created directly in the collection. When a work is created directly in a collection AND the collection type is configured to apply permissions to new works
- each viewer is granted read_access to the new work
Panel |
---|
A work is considered to be created directly in a collection when the work is first created, if-and-only-if, there is one collection assigned to the work when the work is saved for the first time. |
...
Note |
---|
Access to a work is granted when the work is created. Changes to viewers after a work is created do not change the access grants of any existing works. Work access grants can be updated in the work edit form to remove/add access for any group/user including those set by the collection. See also Setting groups vs. users as participants. |
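Because viewer changes are not propagated to existing works, a periodic comparison of each work's read grants against the collection's current viewers shows where the two have drifted apart. The following is an added example, not Hyrax code: it works on plain hashes shaped like solr documents, the `viewer_drift` helper and the sample data are constructed, and the `member_of_collection_ids_ssim` field name is an assumption not taken from this page.

```ruby
require "set"

# Solr field names for read grants, as named on this page.
READ_FIELDS = { "user" => "read_access_person_ssim",
                "group" => "read_access_group_ssim" }.freeze
# Assumed field linking a work to its collections (not from this page).
COLLECTION_FIELD = "member_of_collection_ids_ssim"

# Compare each work's read grants with the collection's current viewers.
# viewers: array of [agent_type, agent_id] pairs, e.g. ["user", "ann@example.org"]
# Returns { work_id => { missing: [...], unexpected: [...] } } for works that differ.
def viewer_drift(collection_id, viewers, work_docs)
  current = viewers.to_set
  work_docs.each_with_object({}) do |doc, report|
    next unless Array(doc[COLLECTION_FIELD]).include?(collection_id)

    granted = READ_FIELDS.flat_map { |type, field|
      Array(doc[field]).map { |id| [type, id] }
    }.to_set

    missing = (current - granted).to_a.sort     # viewer added after the work was created
    unexpected = (granted - current).to_a.sort  # removed viewer, or a grant from another source
    next if missing.empty? && unexpected.empty?

    report[doc["id"]] = { missing: missing, unexpected: unexpected }
  end
end

# Constructed sample data: two works in collection "col-1", one elsewhere.
SAMPLE_WORKS = [
  { "id" => "work-a", COLLECTION_FIELD => ["col-1"],
    "read_access_person_ssim" => ["ann@example.org", "bob@example.org"] },
  { "id" => "work-b", COLLECTION_FIELD => ["col-1"],
    "read_access_person_ssim" => ["ann@example.org"],
    "read_access_group_ssim" => ["reviewers"] },
  { "id" => "work-c", COLLECTION_FIELD => ["col-2"],
    "read_access_person_ssim" => ["bob@example.org"] }
].freeze

# Constructed current viewers: bob was removed and the "reviewers" group was
# added after work-a was created.
SAMPLE_VIEWERS = [["user", "ann@example.org"], ["group", "reviewers"]].freeze

if __FILE__ == $PROGRAM_NAME
  viewer_drift("col-1", SAMPLE_VIEWERS, SAMPLE_WORKS).each do |id, d|
    puts "#{id}: missing=#{d[:missing].inspect} unexpected=#{d[:unexpected].inspect}"
  end
end
```

Entries under `unexpected` need review rather than automatic removal, since a work's read grants can also be set in the work edit form.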
Setting groups vs. users as participants
...