Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request/Idea: Added more granularity to roles permissions #9190

Open
gwendoux opened this issue Nov 24, 2022 · 3 comments
Open

Feature Request/Idea: Added more granularity to roles permissions #9190

gwendoux opened this issue Nov 24, 2022 · 3 comments
Labels
Feature: Permissions Type: Suggestion an idea User Role: Curator Curates and reviews datasets, manages permissions

Comments

@gwendoux
Copy link
Contributor

gwendoux commented Nov 24, 2022
edited by pdurbin
Loading

Overview of the Feature Request
Currently the role permission has 13 items which includes rights to add/edit/remove/view dataverses and datasets, manage datasets or dataverses permissions or download files. These authorizations are sometimes too broad, giving too many rights to employees who have been authorize.

What kind of user is the feature intended for?
Admin, Superuser

What inspired the request?
This request is a follow-up to the following discussion on Dataverse Google Groups: https://groups.google.com/g/dataverse-community/c/4VM49qUqMGo/m/_HhjaJtwBAA

What existing behavior do you want changed?
Some installations need more granularity in defining role permissions in order to better define those roles. Some permissions include other rights that can be abused by other users or that can result in undesirable behavior.

Any brand new behavior do you want to add to Dataverse?
Added more specific rights and extend the number of role permission to allow more complex workflow and prevent abuse and/or side effects.

Any related open or closed issues to this feature request?
@meghangoodchild meghangoodchild mentioned this issue Jun 9, 2023
Closed
@pdurbin
Copy link
Member

pdurbin commented Sep 28, 2023

Related:

@pdurbin pdurbin added Type: Suggestion an idea User Role: Curator Curates and reviews datasets, manages permissions labels Oct 9, 2023
@DS-INRAE DS-INRAE mentioned this issue May 21, 2024
Open
@DS-INRAE
Copy link
Member

There should be a discussion on what specific permissions need to be split or clarified.
In the meantime I created an issue for the case of managing private URLs being included in ManageDatasetPermissions

@gwendoux
Copy link
Contributor Author

This issue isn't quite fully baked yet. In our case, we have some specific issues with permissions.

  1. The deaccession permission is "bundled" with ManageDatasetPermissions. For example, we have collection managers who manage datasets and dataverses within their collections, add contributors, etc. However, with this role, they can deaccession datasets, and sometimes this functionality has been abused by some.
  2. Contributors don't have the ability to accept or deny access to their restricted files. In our case, we apply a specific custom role for a contributor group that includes every contributor of the same collection. This custom role has "ManageFilePermissions" as an attribute. But when a visitor requests access, all users in the contributor group receive the access request, not just the contributors to the specific dataset in question.

Maybe I should create two new issues for each of these specific cases.

@DS-INRAE DS-INRAE mentioned this issue Jun 18, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature: Permissions Type: Suggestion an idea User Role: Curator Curates and reviews datasets, manages permissions
Projects
Cirad Dataverse
Status: Important/Needed
Recherche Data Gouv
Status: ⚠️ Needed/Important
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pdurbin @gwendoux @DS-INRAE