Permission Template Access roles behaviors



cs-ccs-asm-as


green = works as expected and agreed uponred = does NOT work as expected and agreed uponyellow = unsure



Consensus vs.
Needs Confirmaton

Behavior

Access Role


Works now for Collections

Expected to work
based on description for Collections

Works now for
Admin Sets
Expected to work
based on description for
Admin Sets

Comments
Impacting collections/adminsets
āˆšāˆšāˆš
edit_access in solr_doc to collection/adminsetmanagerYESmanager can modify collection metadata

YES

manager can edit the set metadata, participants, and release and visibility settings
āˆšāˆšāˆš

depositorNO
NO
NOTE: Creator of the AS does not have edit access at master
āˆšāˆšāˆš

viewerNO
NO
NOTE: Creator of the AS does not have edit access at master











āˆšāˆšāˆš
read_access in solr doc to collection/adminsetmanagerNO
NO

āˆš??Should depositors have read access?
I propose an additional setting for sharing that allows this to be ON/OFF for a collection type.

depositorNOdepositor can view the collectionNO

In general...

  • for collections, you likely will want depositors to have read_access.Ā  For example, if a team is jointly curating a collection, depositors to the collection will want to view the collection.
  • for admin_sets, you may not want depositors to have read_access. For example, if you only use the default admin set, you may not want to grant all users access to view that admin set.
āˆšXXI propose that Viewer of admin sets SHOULD have read access.
viewerYESviewer can view the collection even if the visibility permissions of the collection otherwise would not permit them to view it.NO
Rationale...
A user who is granted special access to a collection/admin set have a higher need to be able to see the collection/admin set's metadata and list of works.











āˆšāˆš

access to collection/adminset index via Managed Collections tabmanagerYES
YES
NOTE: Managed Collections does not yet exist at master.
āˆšX
If granted read access, depositors will see admin sets in Managed Collections.
depositorYESdepositor can view the collectionNO
Depositors do NOT see admin sets in Managed Collections.

NOTE: Managed Collections does not yet exist at master.
āˆšX
If granted read access, viewers will see admin sets in Managed Collections.
viewerYESviewer can view the collection even if the visibility permissions of the collection otherwise would not permit them to view it.NO

Viewers do NOT see admin sets in Managed Collections.

NOTE: Managed Collections does not yet exist at master.
















create collection/adminsetany userSORT OF
ADMINs only
For collections, who can create collections of a particular type is limited to collection type managers and creators.Ā  The admin set collection type also controls who can create admin sets, but the collection type for admin sets is hard coded to only allow admins to do this.











āˆšāˆšāˆš
delete collection/adminsetmanagerYESmanager delete the collectionYES

āˆš??

depositorNO
NO?
Can't see admin sets.Ā  Need to re-test after granting read access.
āˆš??

viewerNO
NO?
Can't see admin sets.Ā  Need to re-test after granting read access.











āˆšāˆšāˆš
access to collection/adminset show pagemanagerYES

YES


via :edit access to the collection
X??Need to grant collection/admin set depositor read access to view show page.
depositorNOdepositor can view the collectionNO
PROPOSED change to YES-- via :read access to the collection & admin set
āˆš??Need to grant admin set viewer read access to view show page.
viewerYES
NO


PROPOSED change to YES for admin sets -- via :read access to the admin set











āˆšāˆšāˆš
access to collection/adminset edit pagemanagerYESmanager can modify collection metadataYESmanager can edit the set metadata, participants, and release and visibility settings
āˆšāˆšāˆš

depositorNO
NO

āˆšāˆšāˆš

viewerNO
NO












āˆšāˆšāˆš
add works to collection/adminsetmanagerYESmanager can add to and remove works from the collectionNEW ONLY
admin sets via New Work form only
XāˆšāˆšGranting read access will allow depositor to add works from admin show page.
depositorNOdepositor can add works to to the collectionNEW ONLYdepositor can add new works to this administrative set

admin sets via New Work form only

Currently, without read access to collection, a depositor can only add works to a collection via Work ā†’ Relationship Tab OR via bulk add to collection on DashboardĀ ā†’ Works index page.

Edit Works ā†’ Relationships TabĀ ā€“ DOES NOT include collections where user is depositor, but it SHOULD.

PROPOSED change to grant depositor read access will allow depositors to add works from the collection admin show page.

āˆšāˆšāˆš

viewerNO
NO
















remove works from collection/adminsetmanagerYES, IFmanager can add to and remove works from the collection

NO


YES IF requires_membership? false

NO IF requires_membership? true

NOTE: Admin sets uses the master UI which does not surface the ability to remove works from the adminset show page.







depositor?
NO
Can't right now for sure because the depositor can't get to the page where Remove is allowed.

NOTE: Admin sets uses the master UI which does not surface the ability to remove works from the adminset show page.






viewerNO
NO

NOTE: Admin sets uses the master UI which does not surface the ability to remove works from the adminset show page.












āˆšāˆšāˆš
move works between collection/adminsetmanagerYESmanager can add to and remove works from the collectionYES

YES when moving between collections of the same type

YES when moving between different collection types IF requires_membership? false

Minimally, manager has to be a manager/depositor to both collections

NOTE: Move is currently only allowed from edit work Relationships tab, by selecting different collections/admin set.

XāˆšāˆšFor collections... Possibly solved by depositor having read access to the collection?
depositorNO
YES/NO
For admin sets... requires edit access to the work.Ā  Can change for works the depositor created.
āˆšāˆšāˆš

viewerNO
NO




Consensus vs.
Needs Confirmaton

Behavior

Access Role


Works now for Collections

Expected to work
based on description for Collections

Works now for
Admin Sets
Expected to work
based on description for
Admin Sets

Comments
Impacting works




edit_access in solr_doc to new worksmanagerYESmanager can edit work metadataYESmanager can edit work metadataApplied at create time when a work is created in just one collection.Ā  Admin set participants are applied every time a work is created.Ā  Collection and admin set permissions are additive.





depositorNO
NO






viewerNO
NO
















read_access in solr doc to collection/adminsetmanagerNO
NO






depositorNOdepositor can view the collectionNO






viewerYESviewer can view it even if the visibility permissions of the collection otherwise would not permit them to view itYESviewer can view works in the set regardless of the visibility settings applied to the workApplied at create time when a work is created in just one collection.Ā  Admin set participants are applied every time a work is created.Ā  Collection and admin set permissions are additive.




All other access to works is based on the edit and read access grants and is controlled by the standard abilities process.