Permission Template Access roles behaviors
| cs-c | cs-as | m-as | green = works as expected and agreed upon | red = does NOT work as expected and agreed upon | yellow = unsure | |||||
| Consensus vs. Needs Confirmaton | Behavior | Access Role |
| Expected to work based on description for Collections | Works now for Admin Sets | Expected to work based on description for Admin Sets | Comments | |||
|---|---|---|---|---|---|---|---|---|---|---|
| Impacting collections/adminsets | ||||||||||
| √ | √ | √ | edit_access in solr_doc to collection/adminset | manager | YES | manager can modify collection metadata | YES | manager can edit the set metadata, participants, and release and visibility settings | ||
| √ | √ | √ | depositor | NO | NO | NOTE: Creator of the AS does not have edit access at master | ||||
| √ | √ | √ | viewer | NO | NO | NOTE: Creator of the AS does not have edit access at master | ||||
| √ | √ | √ | read_access in solr doc to collection/adminset | manager | NO | NO | ||||
| √ | ? | ? | Should depositors have read access? I propose an additional setting for sharing that allows this to be ON/OFF for a collection type. | depositor | NO | depositor can view the collection | NO | In general...
| ||
| √ | X | X | I propose that Viewer of admin sets SHOULD have read access. | viewer | YES | viewer can view the collection even if the visibility permissions of the collection otherwise would not permit them to view it. | NO | Rationale... A user who is granted special access to a collection/admin set have a higher need to be able to see the collection/admin set's metadata and list of works. | ||
| √ | √ | access to collection/adminset index via Managed Collections tab | manager | YES | YES | NOTE: Managed Collections does not yet exist at master. | ||||
| √ | X | If granted read access, depositors will see admin sets in Managed Collections. | depositor | YES | depositor can view the collection | NO | Depositors do NOT see admin sets in Managed Collections. NOTE: Managed Collections does not yet exist at master. | |||
| √ | X | If granted read access, viewers will see admin sets in Managed Collections. | viewer | YES | viewer can view the collection even if the visibility permissions of the collection otherwise would not permit them to view it. | NO | Viewers do NOT see admin sets in Managed Collections. NOTE: Managed Collections does not yet exist at master. | |||
| create collection/adminset | any user | SORT OF | ADMINs only | For collections, who can create collections of a particular type is limited to collection type managers and creators. The admin set collection type also controls who can create admin sets, but the collection type for admin sets is hard coded to only allow admins to do this. | ||||||
| √ | √ | √ | delete collection/adminset | manager | YES | manager delete the collection | YES | |||
| √ | ? | ? | depositor | NO | NO? | Can't see admin sets. Need to re-test after granting read access. | ||||
| √ | ? | ? | viewer | NO | NO? | Can't see admin sets. Need to re-test after granting read access. | ||||
| √ | √ | √ | access to collection/adminset show page | manager | YES | YES | via :edit access to the collection | |||
| X | ? | ? | Need to grant collection/admin set depositor read access to view show page. | depositor | NO | depositor can view the collection | NO | PROPOSED change to YES-- via :read access to the collection & admin set | ||
| √ | ? | ? | Need to grant admin set viewer read access to view show page. | viewer | YES | NO | PROPOSED change to YES for admin sets -- via :read access to the admin set | |||
| √ | √ | √ | access to collection/adminset edit page | manager | YES | manager can modify collection metadata | YES | manager can edit the set metadata, participants, and release and visibility settings | ||
| √ | √ | √ | depositor | NO | NO | |||||
| √ | √ | √ | viewer | NO | NO | |||||
| √ | √ | √ | add works to collection/adminset | manager | YES | manager can add to and remove works from the collection | NEW ONLY | admin sets via New Work form only | ||
| X | √ | √ | Granting read access will allow depositor to add works from admin show page. | depositor | NO | depositor can add works to to the collection | NEW ONLY | depositor can add new works to this administrative set | admin sets via New Work form only Currently, without read access to collection, a depositor can only add works to a collection via Work → Relationship Tab OR via bulk add to collection on Dashboard → Works index page. Edit Works → Relationships Tab – DOES NOT include collections where user is depositor, but it SHOULD. PROPOSED change to grant depositor read access will allow depositors to add works from the collection admin show page. | |
| √ | √ | √ | viewer | NO | NO | |||||
| remove works from collection/adminset | manager | YES, IF | manager can add to and remove works from the collection | NO | YES IF requires_membership? false NO IF requires_membership? trueNOTE: Admin sets uses the master UI which does not surface the ability to remove works from the adminset show page. | |||||
| depositor | ? | NO | Can't right now for sure because the depositor can't get to the page where Remove is allowed. NOTE: Admin sets uses the master UI which does not surface the ability to remove works from the adminset show page. | |||||||
| viewer | NO | NO | NOTE: Admin sets uses the master UI which does not surface the ability to remove works from the adminset show page. | |||||||
| √ | √ | √ | move works between collection/adminset | manager | YES | manager can add to and remove works from the collection | YES | YES when moving between collections of the same type YES when moving between different collection types IF requires_membership? false Minimally, manager has to be a manager/depositor to both collections NOTE: Move is currently only allowed from edit work Relationships tab, by selecting different collections/admin set. | ||
| X | √ | √ | For collections... Possibly solved by depositor having read access to the collection? | depositor | NO | YES/NO | For admin sets... requires edit access to the work. Can change for works the depositor created. | |||
| √ | √ | √ | viewer | NO | NO | |||||
| Consensus vs. Needs Confirmaton | Behavior | Access Role |
| Expected to work based on description for Collections | Works now for Admin Sets | Expected to work based on description for Admin Sets | Comments | |||
| Impacting works | ||||||||||
| edit_access in solr_doc to new works | manager | YES | manager can edit work metadata | YES | manager can edit work metadata | Applied at create time when a work is created in just one collection. Admin set participants are applied every time a work is created. Collection and admin set permissions are additive. | ||||
| depositor | NO | NO | ||||||||
| viewer | NO | NO | ||||||||
| read_access in solr doc to collection/adminset | manager | NO | NO | |||||||
| depositor | NO | depositor can view the collection | NO | |||||||
| viewer | YES | viewer can view it even if the visibility permissions of the collection otherwise would not permit them to view it | YES | viewer can view works in the set regardless of the visibility settings applied to the work | Applied at create time when a work is created in just one collection. Admin set participants are applied every time a work is created. Collection and admin set permissions are additive. | |||||
| All other access to works is based on the edit and read access grants and is controlled by the standard abilities process. | ||||||||||