Commit 4c483cd6 by twl8n

New authorization role table, improved role scope

parent c6e249b2
...@@ -525,27 +525,57 @@ Every account will be in the "Researcher" role which has the same privileges as ...@@ -525,27 +525,57 @@ Every account will be in the "Researcher" role which has the same privileges as
TBD set of basic privileges including: search history, certain researcher reports. TBD set of basic privileges including: search history, certain researcher reports.
[](#)[](#) | User type | Role | Description |
|----------------------------+---------------------+------------------------------------------------------------------------|
| Sysadmin | Server admin | Maintain server, backups, etc. |
| User type | Role | Description | | DBA | DB admin | Schema maintenance, data dumps, etc. |
|------------------------------------------+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Software engineer | Developer | Coding, testing, QA, release management, data loading, etc. |
| Sysadmin | Server admin, Web admin | Maintain server, backups, etc. | | Manager | Web admin | Web accounts: create, manage, assign roles, run reports |
| DBA | Server admin, DB admin, Web admin | Schema maintenance, data dumps, etc. | | Peer vetting | Vetting | Approve moderators, reviewers, content experts |
| Programmer | Server admin, Web admin | Coding, testing, QA, release management, data loading, etc. | | Moderator | Moderator | Approve maintenance changes, posting those changes |
| Manager | Web admin | Web account creation, account management, privilege management, web reporting | | Reviewer/editor | Maintenance | Maintainer privileges, interacts with moderators |
| Peer vetting | Vetting | Reviewing applicant Moderators, Reviewers, Content experts, uses the Vetting UI | | Content expert | Maintenance | Domain expert, may have zero institutional roles |
| Moderator | Moderator | Reviewing Maintenance changes and posting those changes, is vetted | | Documentary editor | Maintenance | Distinguished by? |
| Reviewer/editor | Maintenance | Has Maintainer privileges, affiliated with an institution and vouchedfor by that institution, vetted, interacts with Moderators | | Maintenance | Maintenance | Distinguished by? |
| Content expert | Maintenance | Not affiliated with an institution, a domain expert, has Maintainer privileges, vetted, interacts with Moderators | | Researcher | Researcher | Use the discovery interface and history dashboard |
| Documentary editor | | | | Archival description donor | Block upload | Bulk uploads of CPF or finding aids |
| Maintenance | (Same as Reviewer/editor?) | | | Name authority manager | Name authority | Donates name authority data perhaps via bulk upload |
| Researcher (read-only) | Researcher | The main consumer of SNAC, uses the public web interface to search and discover, has an account so they can save searches and use other session related features | | Institutional admins | Institutional admin | Admin dashboard, institutional reports |
| Institutional archival description donor | Block upload | Member of an institution that donates blocks of descriptions, may have block upload privs, may have update privs | | Public | Researcher | No account, researcher role, no dashboard, or single session dashboard |
| Name authority manager | Name authority | Someone in charge of  a name authority, donates descriptions to SNAC, may have some Admin privs to update descriptions, may have bulk upload privs |
| Institutional admins | | These users need an admin dashboard with corresponding reports. We may need to have sub-institution accounts and that gets tricky because we don't want to be mixed up in internal institutional politics. |
| | | Certain users will be distinguished by having access to administrative | Not listed above are "is instution member" roles. Any user can have zero or more roles that define their
| | | reports for their institution (but probably not for other institutions). | instutional privileges. This primarily effects reporting and admin. In the case of reports, membership in an
institution constrains the reporting. When setting up a report, users may only choose from institutions of
which they are members. Some reports may auto-detect the user's membership.
Institutional Admins have the ability: view membership lists of their institution(s), and to add or remove
their instutional role for users. It is possible for an institutional admin to be a member of more than one
institution.
Roles which require one or more instutitutional roles (affiliation):
- Block upload
- Name authority
- Institutional admin
Roles which may have zero or more institutional roles:
- Web admin
- Vetting
- Moderator
- Maintenance (likely to have one or more)
- Researcher
There are several dashboard sections:
- Standard researcher history
- Standard user account management (password, email, etc.)
- Web admin account creation, deletion, role assignments
- Vetting admin (if we have vetting)
- Available reports.
#### Web Application Administration #### Web Application Administration
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment