Commit 4c483cd6 by twl8n

New authorization role table, improved role scope

parent c6e249b2
...@@ -525,27 +525,57 @@ Every account will be in the "Researcher" role which has the same privileges as ...@@ -525,27 +525,57 @@ Every account will be in the "Researcher" role which has the same privileges as
TBD set of basic privileges including: search history, certain researcher reports. TBD set of basic privileges including: search history, certain researcher reports.
| User type | Role | Description | | User type | Role | Description |
|------------------------------------------+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |----------------------------+---------------------+------------------------------------------------------------------------|
| Sysadmin | Server admin, Web admin | Maintain server, backups, etc. | | Sysadmin | Server admin | Maintain server, backups, etc. |
| DBA | Server admin, DB admin, Web admin | Schema maintenance, data dumps, etc. | | DBA | DB admin | Schema maintenance, data dumps, etc. |
| Programmer | Server admin, Web admin | Coding, testing, QA, release management, data loading, etc. | | Software engineer | Developer | Coding, testing, QA, release management, data loading, etc. |
| Manager | Web admin | Web account creation, account management, privilege management, web reporting | | Manager | Web admin | Web accounts: create, manage, assign roles, run reports |
| Peer vetting | Vetting | Reviewing applicant Moderators, Reviewers, Content experts, uses the Vetting UI | | Peer vetting | Vetting | Approve moderators, reviewers, content experts |
| Moderator | Moderator | Reviewing Maintenance changes and posting those changes, is vetted | | Moderator | Moderator | Approve maintenance changes, posting those changes |
| Reviewer/editor | Maintenance | Has Maintainer privileges, affiliated with an institution and vouchedfor by that institution, vetted, interacts with Moderators | | Reviewer/editor | Maintenance | Maintainer privileges, interacts with moderators |
| Content expert | Maintenance | Not affiliated with an institution, a domain expert, has Maintainer privileges, vetted, interacts with Moderators | | Content expert | Maintenance | Domain expert, may have zero institutional roles |
| Documentary editor | | | | Documentary editor | Maintenance | Distinguished by? |
| Maintenance | (Same as Reviewer/editor?) | | | Maintenance | Maintenance | Distinguished by? |
| Researcher (read-only) | Researcher | The main consumer of SNAC, uses the public web interface to search and discover, has an account so they can save searches and use other session related features | | Researcher | Researcher | Use the discovery interface and history dashboard |
| Institutional archival description donor | Block upload | Member of an institution that donates blocks of descriptions, may have block upload privs, may have update privs | | Archival description donor | Block upload | Bulk uploads of CPF or finding aids |
| Name authority manager | Name authority | Someone in charge of  a name authority, donates descriptions to SNAC, may have some Admin privs to update descriptions, may have bulk upload privs | | Name authority manager | Name authority | Donates name authority data perhaps via bulk upload |
| Institutional admins | | These users need an admin dashboard with corresponding reports. We may need to have sub-institution accounts and that gets tricky because we don't want to be mixed up in internal institutional politics. | | Institutional admins | Institutional admin | Admin dashboard, institutional reports |
| | | Certain users will be distinguished by having access to administrative | | Public | Researcher | No account, researcher role, no dashboard, or single session dashboard |
| | | reports for their institution (but probably not for other institutions). |
Not listed above are "is instution member" roles. Any user can have zero or more roles that define their
instutional privileges. This primarily effects reporting and admin. In the case of reports, membership in an
institution constrains the reporting. When setting up a report, users may only choose from institutions of
which they are members. Some reports may auto-detect the user's membership.
Institutional Admins have the ability: view membership lists of their institution(s), and to add or remove
their instutional role for users. It is possible for an institutional admin to be a member of more than one
institution.
Roles which require one or more instutitutional roles (affiliation):
- Block upload
- Name authority
- Institutional admin
Roles which may have zero or more institutional roles:
- Web admin
- Vetting
- Moderator
- Maintenance (likely to have one or more)
- Researcher
There are several dashboard sections:
- Standard researcher history
- Standard user account management (password, email, etc.)
- Web admin account creation, deletion, role assignments
- Vetting admin (if we have vetting)
- Available reports.
#### Web Application Administration #### Web Application Administration
......
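Review bot: The added paragraph on Institutional Admins and the list "Roles which require one or more institutional roles" do not say what happens to a user's Block upload, Name authority or Institutional admin role when an institutional admin removes that user's last institutional role. State the rule here, for example that the dependent role is revoked or suspended at the same time, or that the removal is refused while such a role is held, so the affiliation requirement can be enforced rather than only described. The new "Public" row assigns the Researcher role to users with "No account", while the context line above the table says every account is in the Researcher role with privileges that include search history; say which Researcher privileges the no-account case does not get. The "Documentary editor" and "Maintenance" rows both map to the Maintenance role with the description "Distinguished by?", which leaves two user types with no stated difference in privileges. Spelling in the added text: "instution", "instutional" and "instutitutional" should read "institution" and "institutional", and "effects reporting" should be "affects reporting".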