Creating private URL not possible for the role "Contributor" #9938

Open
sergejzr opened this issue Sep 20, 2023 · 8 comments
Labels
Feature: Permissions Type: Feature a feature request User Role: Depositor Creates datasets, uploads data, etc.

Comments

@sergejzr

Dear Dataverse Community,
we were looking for ways the standard roles (e.g. "Curator", "Contributor", etc.) can be edited, but could not find a solution so far.

The concrete problem we are facing at the moment is that a Contributor cannot create private URLs after uploading a dataset. This always needs to be done by administrators at the moment. I guess it is because "Contributor" is missing the permission "ManageDatasetPermissions".

Creating a new Role with required permissions does not solve the problem, because it cannot be automatically assigned to a dataset uploader (unlike the "Contributor" role).

There might be other ways to achieve the behavior, but as I mentioned, we could not find any, unfortunately.

Thank you for your thoughts on this!
Sergej

@pdurbin
Member

pdurbin commented Sep 20, 2023

Right, CreatePrivateUrlCommand calls AssignRoleCommand which requires ManageDatasetPermissions (for a dataset).

It looks like the user would have enough permission as a Curator (at the dataset level) to create a Private URL...

[Screenshot: Screen Shot 2023-09-20 at 11 27 57 AM]

... but is that too much power?

@sergejzr
Author

Thanks Phil, yes, we have to run through an internal review process before publishing the dataset, so the "PublishDataset" permission would be too much, also adding Dataverses should not be possible for any user who just published a dataset...

@DS-INRAE
Member

Hello,
you can actually set a custom role as the default role for dataset creators, but it has to be done via API (https://guides.dataverse.org/en/latest/api/native-api.html#assign-default-role-to-user-creating-a-dataset-in-a-dataverse-collection).
I guess the issue is then twofold:

  • ability to add other roles as default via the UI (I don't think there's any issue on this)
  • distinguish the permission to create private URLs and the ManageDatasetPermissions permission (which gives you the right to set yourself or others as admins and therefore to bypass the restriction on publication), I was certain there was an issue on this but I didn't find it with my quick search
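
The workaround and the caveat from the comment above, as an added example that is not part of the thread or of Dataverse's own code: it builds the custom-role payload and the two native API requests (create the role, then set it as the default contributor role) without sending them, and flags that ManageDatasetPermissions reaches PublishDataset indirectly. The role alias, the server URL, the Contributor permission set and the `REACHABLE` map are assumptions made for illustration.

```python
import json

# Permission names follow Dataverse's Permission enum. The Contributor set is an
# assumption about the stock role; verify it against your own installation.
CONTRIBUTOR = {"ViewUnpublishedDataset", "EditDataset", "DownloadFile", "DeleteDatasetDraft"}
# What the internal review process is meant to withhold from depositors (from the thread).
REVIEW_GATED = {"PublishDataset", "AddDataverse"}
# Assumption taken from the comment above: whoever can manage dataset permissions can
# assign themselves a role that publishes the dataset.
REACHABLE = {"ManageDatasetPermissions": {"PublishDataset"}}

def build_role(alias, name, permissions):
    """Return the JSON body for POST /api/dataverses/{id}/roles."""
    return {"alias": alias, "name": name,
            "description": "Contributor plus Private URL creation (constructed example)",
            "permissions": sorted(permissions)}

def audit_role(role, gated=REVIEW_GATED):
    """List how a role defeats the review gate, directly or through self-assignment."""
    perms = set(role["permissions"])
    findings = [f"direct: {p}" for p in sorted(perms & gated)]
    for escalator, reach in sorted(REACHABLE.items()):
        if escalator in perms:
            findings += [f"via {escalator}: {p}" for p in sorted((reach & gated) - perms)]
    return findings

def api_calls(server, collection, role):
    """The two native API requests as (method, url, body); nothing is sent."""
    base = f"{server.rstrip('/')}/api/dataverses/{collection}"
    return [("POST", f"{base}/roles", json.dumps(role)),
            ("PUT", f"{base}/defaultContributorRole/{role['alias']}", None)]

if __name__ == "__main__":
    # Hypothetical alias, display name and server URL.
    role = build_role("contrib-privurl", "Contributor + Private URL",
                      CONTRIBUTOR | {"ManageDatasetPermissions"})
    for method, url, body in api_calls("https://dataverse.example.org", "root", role):
        print(method, url, body or "")
    for finding in audit_role(role):
        print("WARNING", finding)
```

Both requests need a superuser API token in the `X-Dataverse-key` header when actually sent.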

@sergejzr
Author

Absolutely right, thanks!
The temporary solution to set a default role using the API works and we can use it for now, I think, although the additional access permissions set by users may cause some trouble.

I also absolutely agree with your splitting the problem into those two subproblems.

@pdurbin
Member

pdurbin commented Sep 21, 2023

There's a related discussion kicked off by @vera here: https://groups.google.com/g/dataverse-community/c/wZfSTBiJuPQ/m/F_feNKA1BwAJ

@pdurbin
Member

pdurbin commented Sep 28, 2023

Also related:

@DS-INRAE
Member

DS-INRAE commented Oct 12, 2023

I went ahead and created this issue for the UI part. I didn't add one to split off a ManagePrivateUrl permission, as I'm currently not sure whether or not #9358 would be best, at least for us. @sergejzr, feel free to create it or rename this issue if necessary for you :)

@DS-INRAE
Member

Hello again,
I finally decided to create an issue for a ManagePrivateUrl permission, to have a more detailed issue on this specific aspect:

Projects
Status: 🔍 Interest