-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updated version of GrSciColl permissions - roles and scopes #310
Comments
Here is an idea for a third model. It isn't entirely thought through, so perhaps I'm just adding confusion. GRSCICOLL ADMIN GRSCICOLL AUTHOR GRSCICOLL EDITOR Add machineTag namespaces to user profiles Issues Alternatively we also add identifier types to the user profile. So that an idigbio editor will get a special identifier type they can control. In this model someone from iDigBio (or a future partner), could control their own machine tags, while leaving the core entity to be edited by the collection owners. |
This is great, thank you all so much! My primary concern right now is this: Would an iDigBio editor be able to create new institutions/collections? It's not completely clear to me. I think it's necessary at least for collections, especially since I've already had to create a new collection at least once. Having machineTags be restricted is a VERY good idea, so I'm glad that's covered here. |
This is a requirement, so needs to be possible. The same is true for a scoped editor designated as the administrative agent for a country or institution. The third model looks like the correct level of granularity to me, as it has a simplicity that should prove robust for future development; any more intricate and we could find we're scared to make changes. The people assigned those clear roles would also be able to also review and apply changes offered through an open "suggest an edit" where their scope allows it. I feel we should capture all changes somehow as well, even if it is just a global log of changes applied (i.e. not automatically revertable, but can be searched and data extracted to be manually reapplied). |
Consensus: we will have three roles + the suggest a change (gbif/registry-console#376) + audit trail (see suggest a change). Some things to keep in mind / potential issues with this model are the following:
For that model to happen, we need:
|
All the changes of the registry API are deployed |
The permissions were originally defined here: "Add scopes for GrSciColl users": #179
But we now have four challenges:
We discussed many possibilities. For the purpose of the discussion, I tried to summarise some of the ideas in the following models (feel free to write a "new" model below if needed):
Model 1: super editor role + iDigBio is just an admin
In this case, we trust other admins to not edit iDigBio entry.
GRSCICOLL_ADMIN:
GRSCICOLL_EDITOR: (we assume only institution or collection scope available)
GRSCICOLL_SUPER_EDITOR (I assume we still have scopes here but we could also do without where this user is essentially a GRSCICOLL_EDITOR with scope for all institutions)
Example of admins: GBIF secretariat, iDigBio, maybe one or two members of the editorial Board
Example of editor: Collection manager, institution representatives, etc.
Example of super editors: Country representatives/Node managers, etc.
Model 2: super editor role + iDigBio editor role
In this case, we trust other admins to not edit iDigBio entry.
GRSCICOLL_ADMIN:
IDIGBIO_EDITOR:
GRSCICOLL_EDITOR: (we assume only institution or collection scope available)
GRSCICOLL_SUPER_EDITOR (I assume we still have scopes here but we could also do without where this user is essentially a GRSCICOLL_EDITOR with scope for all institutions)
Example of admins: GBIF secretariat, maybe one or two members of the editorial Board
Example of iDigBio editors: iDigBio people
Example of editor: Collection manager, institution representatives, etc.
Example of super editors: Country representatives/Node managers, etc.
Other ideas not integrated in these models
The text was updated successfully, but these errors were encountered: