Commit f0386ed2 by Tom Laudeman

Update role prose

parent 503e4f1a
...@@ -30,60 +30,78 @@ their base data. ...@@ -30,60 +30,78 @@ their base data.
#### Roles #### Roles
- Roles Roles are somewhat synonymous with Linux groups. Users have a primary group, but may have several groups. The
- Created and maintained by admins with role privileges user has all privileges associated with each group of which they are a member.
- Single privilege per role, must be coordinated with workflows and application functions
- At least one role exists per institution Roles have a number of traits:
- At least one role per user (HRT user)
- Potentially, roles for ad-hoc groups (sub-institution, department, professional orgs, etc.) - Created and maintained by admins with role-granting privileges
- Need explicit, on-going policy guidance - There is (ideally) a single privilege per role
- Roles and privileges must be coordinated with workflows and application features
Every account will be in the "Researcher" role which has the same privileges as the general public, but with a - At least one role exists per institution
TBD set of basic privileges including: search history, certain researcher reports. - At least one role per user, Public aka History Research Tool (HRT) user
- Potentially we can have roles for ad-hoc groups (sub-institution, department, professional orgs, etc.)
- Can be deprecated, but it repurposing roles is inadvisable from a security standpoint
| User type | Role | Description | - Need explicit, on-going policy guidance
|----------------------------+------------------------------------+-----------------------------------------------------------------------|
| Sysadmin | Server admin | Maintain server, backups, etc. | Unlike Linux where every file and directory is "owned" by a user and group, SNAC constellations have no
| Database Administrator | DBA | Schema maintenance, data dumps, etc. | ownership.
| Software engineer | Developer | Coding, testing, QA, release management, data loading, etc. |
| Manager | Web admin | Web accounts: create, manage, assign roles, run reports | Every account will have the "Researcher" role which has the same privileges as the general public, but with a
| Peer vetting | Vetting | Approve moderators, reviewers, content experts | TBD set of basic privileges including: search history, certain researcher reports. An account is not necessary
| Moderator | Moderator | Approve maintenance changes, posting those changes | to use SNAC. Members of the public are mostly identical to Researchers. The primary feature gained by having
| Reviewer/editor | Maintenance | Maintainer privileges, interacts with moderators | an account is a persistent dashboard.
| Content expert | Maintenance | Domain expert, may have zero institutional roles |
| Documentary editor | Maintenance | Distinguished by? | (sync this prose with "user management.md")
| Maintenance | Maintenance | Distinguished by? |
| Researcher | Researcher | Use the discovery interface and history dashboard |
| Archival description donor | Block upload | Bulk uploads of CPF or finding aids | | Role | Role Description |
| Name authority manager | Name authority | Donates name authority data perhaps via bulk upload | |------------------------------+------------------------------------------------------------------------|
| Institutional admins | Institutional admin | Instutional role admin dashboard, institutional reports | | Public HRT | No account, but may use HRT public interfaces to SNAC |
| Public | Researcher | No account, researcher role, no dashboard or single session dashboard | | Researcher | May use the discovery interface and history dashboard, has an account |
| Contributor, constellation | Constellation create/edit | Create and edit constellations but cannot publish | | Create/edit | Create and edit constellations but cannot publish (contributor) |
| Contributor, ontology | Ontology propose heading | May propose headings in ontologies, but cannot approve headings | | Publish | May approve constellation publication (editor) |
| Editor-publish | Constellation publish | May approve constellation publication | | Delete/embargo | May delete or embargo constellations (editor) |
| Editor-ontology | Ontology approve | May approve ontology headings | | Propose delete/embargo | May propose delete or embargo |
| Editor-NACO | NACO approve/finalize/submit | May approve NACO contributions | | Ontology propose | May propose headings in ontologies, but cannot approve headings |
| Editor-delete-embargo | Constellation delete/embargo | May delete or embargo constellations | | Ontology approve | May approve ontology headings (editor) |
| Author-constellation | Contrib+Editor-publish | Create, edit and publish constellations | | Propose NACO | May create(?) NACO contributions, but not push(?) to NACO |
| Author-NACO | Create provisional NACO | May create(?) NACO contributions, but not push(?) to NACO | | NACO approve/finalize/submit | May approve NACO contributions (editor) |
| Administrator | Contributor + Editor-constellation | May create, edit, publish, delete, and embargo constellations | | Enroll | May enroll new SNAC participants, create new users |
| Administrator-enroll | Create new users | May enroll new SNAC participants | | Role assign own institution | May assign new roles for own-institution users |
| Administrator-assign | Role assign own institution | May assign new roles for own-institution individuals | | Role assign any institution | May assign new roles for any institution users |
| Superuser | Admin-enroll+Admin-assign+Any-inst | Admin plus assign roles for any user of any institution | | System administrator | Maintains server hardware and operating systems |
| Developer | Writes the SNAC application, a programmer |
Constellation create/edit | Web administrator | (duplicate? historical?) May perform admin tasks via the web interface |
Constellation publish | Database administrator | Create and maintain the SQL database |
Constellation delete/embargo | Block upload | May do bulk uploads of EAC-CPF, finding aids, etc. |
Ontology propose heading | Institutional reporter | May run own institutional reports |
Ontology approve heading | Super reporter | May run any report |
Create provisional NACO
Approve/finalize/submit NACO
Create new users | User type | Role(s) | User Description |
Role assign own institution |----------------------------+--------------------------------------------------+--------------------------------------------------------------|
Role assign any institution | Sysadmin | System administrator | Maintain server, backups, etc. |
| Database Administrator | DBA | Schema maintenance, data dumps, etc. |
| Software engineer | Developer + DBA | Coding, testing, QA, release management, data loading, etc. |
| Manager | Enroll + Role assign + Inst. Reporter | SNAC accounts: create, manage, assign roles, run reports |
| Peer vetting | Enroll | Approve moderators, reviewers, content experts |
| Moderator | Editor-publish | Approve maintenance changes, posting those changes |
| Reviewer/editor | Contributor + Editor-publish | Maintainer privileges, interacts with moderators |
| Content expert | Contributor | Domain expert, may have zero institutional roles |
| Documentary editor | Contributor | (Any distinguishing roles?) |
| Maintenance | Contributor, constellation | May be older terminology for "contributor" |
| Researcher | Researcher | Use the discovery interface and history dashboard |
| Archival description donor | Block upload | May do bulk uploads of EAC-CPF, finding aids, etc. |
| Name authority manager | Name authority | (superceded by Editor-NACO?) |
| Institutional admins | Institutional reporter | May run institutional reports |
| Public | Public | No SNAC account, single session dashboard |
| Contributor | Create/edit + Ontology propose | Creates/edit constellations, propose ontology headings |
| Author | Create/edit+Publish+Propose Del/Emb+Propose NACO | A contributor, with additional privileges |
| Editor | Create/edit+Publish+Delete/embargo+NACO | Review constellations, approve and publish |
| Author-NACO | Create provisional NACO | Creates NACO entries, sends to editor for submission |
| Administrator | Author + editor + enroll + assign | Everything, only own institution |
| Administrator-super | Administrator + any institution | Admin plus assign roles for any user of any institution |
### What data has to be stored for the user ### What data has to be stored for the user
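Review bot: The Role(s) column of the new user-type table uses names that the new role table never defines: "Editor-publish" (Moderator and Reviewer/editor rows), "Contributor" and "Contributor, constellation", "DBA", "Name authority", "Public" and "Inst. Reporter". The role table's own names are "Publish", "Create/edit", "Database administrator", "Public HRT" and "Institutional reporter". Since these two tables are the reference for what each user type is allowed to do, use the role table's names verbatim in the Role(s) column, or add the composite names (Contributor, Author, Editor) as defined rows, so that privilege assignment cannot be read two ways. In the Editor row, "NACO" should say whether it means "Propose NACO", "NACO approve/finalize/submit", or both. The Author row grants both Create/edit and Publish, which lets one account publish its own edits, while Create/edit is described as "cannot publish (contributor)"; if self-publication is intended for Authors, state that in the description. Two wording fixes in the added lines: "but it repurposing roles" should read "but repurposing roles", and "superceded" should be "superseded".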
......