Rachael Hu / Documentation / Commits / f0386ed2

Commit f0386ed2 authored Mar 28, 2016 by Tom Laudeman
Update role prose
parent 503e4f1a
Showing 1 changed file with 72 additions and 54 deletions
Requirements/DBUser API.md (view file @ f0386ed2)
...
@@ -30,60 +30,78 @@ their base data.
...
@@ -30,60 +30,78 @@ their base data.
#### Roles
#### Roles
-
Roles
Roles are somewhat synonymous with Linux groups. Users have a primary group, but may have several groups. The
-
Created and maintained by admins with role privileges
user has all privileges associated with each group of which they are a member.
-
Single privilege per role, must be coordinated with workflows and application functions
-
At least one role exists per institution
Roles have a number of traits:
-
At least one role per user (HRT user)
-
Potentially, roles for ad-hoc groups (sub-institution, department, professional orgs, etc.)
-
Created and maintained by admins with role-granting privileges
-
Need explicit, on-going policy guidance
-
There is (ideally) a single privilege per role
-
Roles and privileges must be coordinated with workflows and application features
Every account will be in the "Researcher" role which has the same privileges as the general public, but with a
-
At least one role exists per institution
TBD set of basic privileges including: search history, certain researcher reports.
-
At least one role per user, Public aka History Research Tool (HRT) user
-
Potentially we can have roles for ad-hoc groups (sub-institution, department, professional orgs, etc.)
-
Can be deprecated, but it repurposing roles is inadvisable from a security standpoint
| User type | Role | Description |
-
Need explicit, on-going policy guidance
|----------------------------+------------------------------------+-----------------------------------------------------------------------|
| Sysadmin | Server admin | Maintain server, backups, etc. |
Unlike Linux where every file and directory is "owned" by a user and group, SNAC constellations have no
| Database Administrator | DBA | Schema maintenance, data dumps, etc. |
ownership.
| Software engineer | Developer | Coding, testing, QA, release management, data loading, etc. |
| Manager | Web admin | Web accounts: create, manage, assign roles, run reports |
Every account will have the "Researcher" role which has the same privileges as the general public, but with a
| Peer vetting | Vetting | Approve moderators, reviewers, content experts |
TBD set of basic privileges including: search history, certain researcher reports. An account is not necessary
| Moderator | Moderator | Approve maintenance changes, posting those changes |
to use SNAC. Members of the public are mostly identical to Researchers. The primary feature gained by having
| Reviewer/editor | Maintenance | Maintainer privileges, interacts with moderators |
an account is a persistent dashboard.
| Content expert | Maintenance | Domain expert, may have zero institutional roles |
| Documentary editor | Maintenance | Distinguished by? |
(sync this prose with "user management.md")
| Maintenance | Maintenance | Distinguished by? |
| Researcher | Researcher | Use the discovery interface and history dashboard |
| Archival description donor | Block upload | Bulk uploads of CPF or finding aids |
| Role | Role Description |
| Name authority manager | Name authority | Donates name authority data perhaps via bulk upload |
|------------------------------+------------------------------------------------------------------------|
| Institutional admins | Institutional admin | Instutional role admin dashboard, institutional reports |
| Public HRT | No account, but may use HRT public interfaces to SNAC |
| Public | Researcher | No account, researcher role, no dashboard or single session dashboard |
| Researcher | May use the discovery interface and history dashboard, has an account |
| Contributor, constellation | Constellation create/edit | Create and edit constellations but cannot publish |
| Create/edit | Create and edit constellations but cannot publish (contributor) |
| Contributor, ontology | Ontology propose heading | May propose headings in ontologies, but cannot approve headings |
| Publish | May approve constellation publication (editor) |
| Editor-publish | Constellation publish | May approve constellation publication |
| Delete/embargo | May delete or embargo constellations (editor) |
| Editor-ontology | Ontology approve | May approve ontology headings |
| Propose delete/embargo | May propose delete or embargo |
| Editor-NACO | NACO approve/finalize/submit | May approve NACO contributions |
| Ontology propose | May propose headings in ontologies, but cannot approve headings |
| Editor-delete-embargo | Constellation delete/embargo | May delete or embargo constellations |
| Ontology approve | May approve ontology headings (editor) |
| Author-constellation | Contrib+Editor-publish | Create, edit and publish constellations |
| Propose NACO | May create(?) NACO contributions, but not push(?) to NACO |
| Author-NACO | Create provisional NACO | May create(?) NACO contributions, but not push(?) to NACO |
| NACO approve/finalize/submit | May approve NACO contributions (editor) |
| Administrator | Contributor + Editor-constellation | May create, edit, publish, delete, and embargo constellations |
| Enroll | May enroll new SNAC participants, create new users |
| Administrator-enroll | Create new users | May enroll new SNAC participants |
| Role assign own institution | May assign new roles for own-institution users |
| Administrator-assign | Role assign own institution | May assign new roles for own-institution individuals |
| Role assign any institution | May assign new roles for any institution users |
| Superuser | Admin-enroll+Admin-assign+Any-inst | Admin plus assign roles for any user of any institution |
| System administrator | Maintains server hardware and operating systems |
| Developer | Writes the SNAC application, a programmer |
Constellation create/edit
| Web administrator | (duplicate? historical?) May perform admin tasks via the web interface |
Constellation publish
| Database administrator | Create and maintain the SQL database |
Constellation delete/embargo
| Block upload | May do bulk uploads of EAC-CPF, finding aids, etc. |
Ontology propose heading
| Institutional reporter | May run own institutional reports |
Ontology approve heading
| Super reporter | May run any report |
Create provisional NACO
Approve/finalize/submit NACO
Create new users
| User type | Role(s) | User Description |
Role assign own institution
|----------------------------+--------------------------------------------------+--------------------------------------------------------------|
Role assign any institution
| Sysadmin | System administrator | Maintain server, backups, etc. |
| Database Administrator | DBA | Schema maintenance, data dumps, etc. |
| Software engineer | Developer + DBA | Coding, testing, QA, release management, data loading, etc. |
| Manager | Enroll + Role assign + Inst. Reporter | SNAC accounts: create, manage, assign roles, run reports |
| Peer vetting | Enroll | Approve moderators, reviewers, content experts |
| Moderator | Editor-publish | Approve maintenance changes, posting those changes |
| Reviewer/editor | Contributor + Editor-publish | Maintainer privileges, interacts with moderators |
| Content expert | Contributor | Domain expert, may have zero institutional roles |
| Documentary editor | Contributor | (Any distinguishing roles?) |
| Maintenance | Contributor, constellation | May be older terminology for "contributor" |
| Researcher | Researcher | Use the discovery interface and history dashboard |
| Archival description donor | Block upload | May do bulk uploads of EAC-CPF, finding aids, etc. |
| Name authority manager | Name authority | (superceded by Editor-NACO?) |
| Institutional admins | Institutional reporter | May run institutional reports |
| Public | Public | No SNAC account, single session dashboard |
| Contributor | Create/edit + Ontology propose | Creates/edit constellations, propose ontology headings |
| Author | Create/edit+Publish+Propose Del/Emb+Propose NACO | A contributor, with additional privileges |
| Editor | Create/edit+Publish+Delete/embargo+NACO | Review constellations, approve and publish |
| Author-NACO | Create provisional NACO | Creates NACO entries, sends to editor for submission |
| Administrator | Author + editor + enroll + assign | Everything, only own institution |
| Administrator-super | Administrator + any institution | Admin plus assign roles for any user of any institution |
### What data has to be stored for the user
### What data has to be stored for the user
...
...
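Review bot: In the new "User type | Role(s)" table, several Role(s) entries use names that the new "Role | Role Description" table never defines ("DBA", "Editor-publish", "Name authority", "Contributor, constellation", "Public", where the role table has "Database administrator", "Publish" and "Public HRT"), so a reader cannot resolve which privileges those user types actually receive. Use the exact role names from the role table in every row. The "Administrator" row lists "assign" while its description says "only own institution"; write "Role assign own institution" there so it cannot be read as the any-institution role. The trait "At least one role per user, Public aka History Research Tool (HRT) user" also conflicts with the role table, where "Public HRT" is "No account", and with the prose that every account has the "Researcher" role; state which role is the per-account minimum. Small fixes in the added text: "but it repurposing roles" should read "but repurposing roles", "superceded" should be "superseded", and the "(sync this prose with "user management.md")" reminder should be resolved or moved to an issue rather than left in the requirements text.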