/
Permission Template Access roles behaviors

Samvera Community Wiki

Permission Template Access roles behaviors

Nov 22, 2017

cs-c

cs-as

m-as

 

 

 

green = works as expected and agreed upon

red = does NOT work as expected and agreed upon

yellow = unsure

 

 

 

Consensus vs.
Needs Confirmaton


Behavior


Access Role


Works now for Collections

Expected to work
based on description for Collections


Works now for
Admin Sets

Expected to work
based on description for
Admin Sets


Comments

Impacting collections/adminsets

 

edit_access in solr_doc to collection/adminset

manager

YES

manager can modify collection metadata

YES

manager can edit the set metadata, participants, and release and visibility settings

 

 

 

depositor

NO

 

NO

 

NOTE: Creator of the AS does not have edit access at master

 

 

viewer

NO

 

NO

 

NOTE: Creator of the AS does not have edit access at master

 

 

 

 

 

 

 

 

 

 

 

 

read_access in solr doc to collection/adminset

manager

NO

 

NO

 

 

?

?

Should depositors have read access?
I propose an additional setting for sharing that allows this to be ON/OFF for a collection type.

 

depositor

NO

depositor can view the collection

NO

 

In general...

  • for collections, you likely will want depositors to have read_access.  For example, if a team is jointly curating a collection, depositors to the collection will want to view the collection.

  • for admin_sets, you may not want depositors to have read_access. For example, if you only use the default admin set, you may not want to grant all users access to view that admin set.

X

X

I propose that Viewer of admin sets SHOULD have read access.

 

viewer

YES

viewer can view the collection even if the visibility permissions of the collection otherwise would not permit them to view it.

NO

 

Rationale...
A user who is granted special access to a collection/admin set have a higher need to be able to see the collection/admin set's metadata and list of works.

 

 

 

 

 

 

 

 

 

 

 

 

 

access to collection/adminset index via Managed Collections tab

manager

YES

 

YES

 

NOTE: Managed Collections does not yet exist at master.

X

 

If granted read access, depositors will see admin sets in Managed Collections.

 

depositor

YES

depositor can view the collection

NO

 

Depositors do NOT see admin sets in Managed Collections.

NOTE: Managed Collections does not yet exist at master.

X

 

If granted read access, viewers will see admin sets in Managed Collections.

 

viewer

YES

viewer can view the collection even if the visibility permissions of the collection otherwise would not permit them to view it.

NO

 

Viewers do NOT see admin sets in Managed Collections.

NOTE: Managed Collections does not yet exist at master.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

create collection/adminset

any user

SORT OF

 

ADMINs only

 

For collections, who can create collections of a particular type is limited to collection type managers and creators.  The admin set collection type also controls who can create admin sets, but the collection type for admin sets is hard coded to only allow admins to do this.

 

 

 

 

 

 

 

 

 

 

 

 

delete collection/adminset

manager

YES

manager delete the collection

YES

 

 

?

?

 

 

depositor

NO

 

NO?

 

Can't see admin sets.  Need to re-test after granting read access.

?

?

 

 

viewer

NO

 

NO?

 

Can't see admin sets.  Need to re-test after granting read access.

 

 

 

 

 

 

 

 

 

 

 

 

access to collection/adminset show page

manager

YES

 

YES

 

via :edit access to the collection

X

?

?

Need to grant collection/admin set depositor read access to view show page.

 

depositor

NO

depositor can view the collection

NO

 

PROPOSED change to YES-- via :read access to the collection & admin set

?

?

Need to grant admin set viewer read access to view show page.

 

viewer

YES

 

NO

 

PROPOSED change to YES for admin sets -- via :read access to the admin set

 

 

 

 

 

 

 

 

 

 

 

 

access to collection/adminset edit page

manager

YES

manager can modify collection metadata

YES

manager can edit the set metadata, participants, and release and visibility settings

 

 

 

depositor

NO

 

NO

 

 

 

 

viewer

NO

 

NO

 

 

 

 

 

 

 

 

 

 

 

 

 

 

add works to collection/adminset

manager

YES

manager can add to and remove works from the collection

NEW ONLY

 

admin sets via New Work form only

X

Granting read access will allow depositor to add works from admin show page.

 

depositor

NO

depositor can add works to to the collection

NEW ONLY

depositor can add new works to this administrative set

admin sets via New Work form only

Currently, without read access to collection, a depositor can only add works to a collection via Work → Relationship Tab OR via bulk add to collection on Dashboard → Works index page.

Edit Works → Relationships Tab – DOES NOT include collections where user is depositor, but it SHOULD.

PROPOSED change to grant depositor read access will allow depositors to add works from the collection admin show page.

 

 

viewer

NO

 

NO

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

remove works from collection/adminset

manager

YES, IF

manager can add to and remove works from the collection

NO