Management FRG - Permissions Analysis and Matrix

...

While creating a work breakdown structure and analyzing tasks, the group decided to consolidate multiple permissions-related deliverables into one effort, since they were closely interrelated. As a preliminary step, the team conducted a three-part brainstorming session to identify repository entities, types of people/roles participating in long-term management of repository assets, and verbs/activities. This information was further refined to produce the Management User Profiles and also helped inform the matrix in Appendix C.

...

The following user stories, which reference role names based on the group’s Management User Profiles, capture local Emory needs which may not be achievable within the current Hyrax permissions model. These stories have been shared with the Samvera Permissions Analysis Working Group for appraisal.

  1. As a Repository Administrator or Collection Manager, I want to assign permissions at the top level of an entity and have them propagate to their children, but be override-able at lower levels if needed, so that it is faster for me to assign permissions to appropriate internal staff users on a collection by collection basis

  2. As a Repository Administrator or Collection Manager, I want self-service ability to assign and maintain a set of users within an existing permissions group, so that I don't have to request developer assistance or application redeployment to perform routine tasks

  3. As a Repository Administrator, I want self-service ability to create a Group of users that I can assign to various permissions, so that I don't have to request developer assistance or application redeployment to perform routine tasks

  4. As a Collection Manager, I want to manage a subset of groups and users relative to my immediate organization, so that I can more easily manage my Library’s staff permissions without having to request full administrator access to the application

  5. As a Collection Manager, I want to restrict editing of selected parts of the digital object's metadata to specialized personnel, so that I can minimize unwanted changes to the object in its preservation state

  6. As a Repository Administrator or Collection Manager, I want to be able to view individual staff/assistants user activity for users modifying objects/files in my collections/department only, so that I can contact a specific user about their work

  7. As a Collection Manager, I want to run reports about analytics and inventory that are scoped to my Library or collection hierarchy only, so that I can exclude extraneous data about other Libraries' content and users

  8. As a Repository Administrator, I want to restrict Deletion capabilities to Admins only or enforce via a workflow, because deletion is subject to local policy

  9. As a Repository Administrator, I want to be able to deselect/select individual abilities assigned to a System Role in a self service capacity, so that I can customize default system Roles with less developer assistance

  10. As a Repository Administrator or Collection Manager, I want to manage visibility and edit access to Preservation Workflow metadata related to a work, so that I can minimize unwanted changes to preservation audits for an object

The following Emory-specific user stories were also captured. These may be achievable through minor customization or local configuration, and have also been shared with the Samvera Permissions Analysis Working Group:

  1. As a Collection Manager, I want to assign a primary Library collection affiliation for a work, but be able to control its use in an Exhibition collection that might include works from other Library Collections, so that its source context is not lost if it is added to a user created or exhibit collection and so that I can manage permissions at the Collection-level

  2. As a Repository Administrator, I want to constrain the types of Collections that Self Deposit/non-Library users create, so that user-created collections are not competing with Library-curated collections in search and discovery context

  3. As a Collection Manager or Self-Depositor, I want to embargo sub-levels of the work, so that sensitive or proprietary details included in an abstract or table of contents for my work are not visible, but other metadata is

  4. As a Repository Administrator or Collection Manager, I want to manage visibility and edit access to agreements/Deeds of gift or sale, so that this information is preserved but not editable or viewable except by selected staff

  5. As a Repository Administrator, I want to generally delineate Library Staff/curating users from self deposit users, so that I can restrict certain system-wide activities to users who are Library staff only

  6. As a Repository Administrator or Collection Manager, I want to restrict editing of selected parts of the digital object's supplemental preservation files to specialized personnel, so that I can minimize unwanted changes to the object in its preservation state

Additional Recommendations for Implementation

...

The functional requirements noted inform levels of visibility that the system can enable; actual assignment of visibility to material is subject to Emory Libraries policy and procedure. Hyrax documentation indicates “Visibility only controls who can view or download your work – it does not control edit access.” When view permissions are assigned for an object or file, those same settings apply to download options.

Standard Hyrax Software Levels of Visibility:

  1. Public: makes the work available to the general public. Metadata is available to be crawled by search engines for discovery.

  2. Institution: restricts access to works and work metadata to users with login privileges. Users will need to be logged into the repository to access the work. (Note: Institution does not mean the Emory campus network; it means that any authenticated/internal repository system user can view it, relative to other settings assigned at the Admin Set or Collection level.)

  3. Embargo: lets you restrict access to Private or Institution until a specified date, when it will be opened to the public or your institution.

  4. Lease: permits access to the work to the public or Institution until a specified date, when it will be restricted to Private or your institution.

  5. Private (Note: this status is not fully documented, but appears to mean visible to the work owner or Administrator only)

Emory Visibility Customizations Requested

  1. IP-range restriction for Reading Room access

  2. IP-range restriction to restrict visibility to Emory campus network users only (Emory network/VPN connection required to view)

  3. Custom embargo duration lengths

    1. ETDs: 6 months, 1 year, 2 years, 6 years

    2. Emory FIRST to OpenEmory embargo durations: 6 months, 12 months, 18 months, 24 months, 36 months, 48 months, Indefinite.

    3. Ensure open-ended date ranges (Hyrax default) are also available for Libraries’ Admin Sets/Collections

  4. Custom embargo for sub-object levels: (e.g. ETDs)

    1. Embargo content files

    2. Embargo content files and Table of Contents

    3. Embargo content files, Table of Contents, and Abstract
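The visibility rules above (embargo and lease timing, Institution versus IP-range restriction, and the sub-object embargo scopes) can be expressed as one view decision. This is an added Ruby example, not Hyrax or Emory code. The policy hash keys, the `:campus_ip` level, the sample IP range, and the rule that components outside the embargo scope take the post-embargo level are all assumptions.

```ruby
require "date"
require "ipaddr"

# Constructed sample range (RFC 5737 documentation block) standing in for a
# campus or Reading Room network; not an Emory address.
CAMPUS_RANGES = [IPAddr.new("192.0.2.0/24")].freeze

# Sub-object embargo scopes from the list above, narrowest to widest.
EMBARGO_SCOPES = {
  files: %i[files],
  files_toc: %i[files toc],
  files_toc_abstract: %i[files toc abstract]
}.freeze

# Visibility level in force for one component of a work on `today`.
# Embargo: :during until the release date, then :after. Lease: same shape,
# with the open level as :during. A nil release_date never releases.
def component_visibility(policy, component, today)
  return policy[:visibility] unless %i[embargo lease].include?(policy[:visibility])
  scope = EMBARGO_SCOPES[policy[:scope]]
  # Assumption: components outside the embargo scope take the post-embargo level.
  return policy[:after] if policy[:visibility] == :embargo && scope && !scope.include?(component)
  released = policy[:release_date] && today >= policy[:release_date]
  released ? policy[:after] : policy[:during]
end

def in_campus_range?(ip)
  return false unless ip.is_a?(String) && !ip.empty?
  addr = IPAddr.new(ip)
  CAMPUS_RANGES.any? { |range| range.include?(addr) }
rescue IPAddr::Error
  false # unparseable address: deny
end

# View (and therefore download) decision; unknown levels fail closed.
def viewable?(policy, component, user, today)
  case component_visibility(policy, component, today)
  when :public      then true
  when :institution then user[:authenticated] == true # any logged-in user, not a network check
  when :campus_ip   then in_campus_range?(user[:ip])
  when :private     then user[:owner] == true || user[:admin] == true
  else false
  end
end
```

For the IP-range levels, `user[:ip]` has to come from the connection or a trusted reverse proxy rather than from a client-supplied header.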

...

The matrix entries were based on known DLP requirements produced by other FRGs as well as available permissions-related documentation in the Hyrax Developer Knowledge Base, primarily the Manager’s Guide for version 2.x.