donders-research-data-management / rdm-wiki

Technical documentation for RDM
http://donders-research-data-management.github.io/rdm-wiki

center level authorization to view metadata #19

Closed robertoostenveld closed 7 years ago

robertoostenveld commented 8 years ago

In section 7. Authorizing Users at the Center Level there is now

"Also, DCX employees can view the metadata of all of a center’s collections."

Is this part of the planned implementation? If so, is there a user story that describes the requirements?

hurngchunlee commented 8 years ago

This feature has been implemented at the iRODS level and is available right away in the CMS. No need for a new user story.

It is done via changes to the user's organisationalUnit attribute. When the value is set to DCX, the user is automatically added to a corresponding iRODS group, dcx_user. This group always has "read" permission on all DCX collection namespaces, so that the collection and its attributes are visible to DCX employees. But the "read" permission is not inherited by any files or directories within the collection namespaces, so the collection content (files/directories) remains invisible to DCX employees.
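The non-inheritance property described in the comment above can be checked from a recursive ACL listing. The following is an added example, not part of the thread or the project's code: it parses text in the style of `ils -A -r` output and flags any file or sub-collection that carries a `dcx_user` ACL, as well as expected collections that have inheritance enabled. The listing layout is an assumption, and the sample listing, zone and paths are constructed.

```python
import re

GROUP = "dcx_user"  # group name taken from the thread
# Constructed listing in the style of `ils -A -r` output (layout assumed).
SAMPLE = """\
/exampleZone/dcx/coll_a:
        ACL - g:dcx_user#exampleZone:read object   alice#exampleZone:own
        Inheritance - Disabled
  raw01.dat
        ACL - alice#exampleZone:own
/exampleZone/dcx/coll_b:
        ACL - g:dcx_user#exampleZone:read object   bob#exampleZone:own
        Inheritance - Enabled
  C- /exampleZone/dcx/coll_b/sub
        ACL - bob#exampleZone:own   g:dcx_user#exampleZone:read object
        Inheritance - Enabled
  scan.dat
        ACL - bob#exampleZone:own   g:dcx_user#exampleZone:read object
"""
ROOTS = {"/exampleZone/dcx/coll_a", "/exampleZone/dcx/coll_b"}  # constructed
# Matches "user#zone:perm" and "g:group#zone:perm", capturing name and perm.
ACL_RE = re.compile(r"(?:g:)?([^#\s]+)#\S+?:(\w+)")

def parse(listing):
    """Map each listed path to its ACL dict and inheritance flag."""
    entries, coll, cur = {}, None, None
    for line in filter(str.strip, listing.splitlines()):
        text = line.strip()
        if text.startswith("ACL - "):
            cur["acl"].update(ACL_RE.findall(text[6:]))
        elif text.startswith("Inheritance - "):
            cur["inherit"] = text.endswith("Enabled")
        else:
            if line.startswith("/") and text.endswith(":"):
                coll = path = text[:-1]  # collection header line
            else:  # "C- /abs/path" sub-collection, or a data object name
                path = text[3:] if text.startswith("C- ") else f"{coll}/{text}"
            cur = entries.setdefault(path, {"acl": {}, "inherit": None})
    return entries

def audit(listing, roots, group=GROUP):
    """Flag group ACLs outside `roots` and inheritance enabled on a root."""
    findings = []
    for path, e in parse(listing).items():
        if path in roots and e["inherit"]:
            findings.append((path, "inheritance enabled"))
        elif path not in roots and group in e["acl"]:
            findings.append((path, f"{group}: {e['acl'][group]}"))
    return findings
```

`audit(SAMPLE, ROOTS)` reports `coll_b` and the two entries beneath it; `coll_a` and its file produce no findings.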

robertoostenveld commented 8 years ago

Also this section seems to have been removed from the protocol. @EricMaris, am I right?

robertoostenveld commented 7 years ago

As a normal user I can see a list of collections in which I mostly have a role (as manager, contributor or viewer). That is what I would expect, i.e. I do not expect to see all centre collections (nor details).

However, in di.dcn_m.DAC_0123456789_979 I can see the attributes. Furthermore, I can access the data through webdav. That seems a bug to me. @hurngchunlee can you investigate?

hurngchunlee commented 7 years ago

@robertoostenveld - you are the viewer of di.dcn_m.DAC_0123456789_979. Therefore you see it and can download data from webdav. I can understand your confusion, as now the viewer list is only visible to managers (not contributors or viewers).

Btw, the collection was created for a data transfer test.

robertoostenveld commented 7 years ago

"I can understand your confusion, as now the viewer list is only visible to managers (not contributors or viewers)" -> ah yes, I forgot!

That is actually quite confusing. Should we change it(*) such that the viewer can see him/herself that he/she is a viewer (but not see the other viewers)?

*) i.e. submit a low-priority Jira issue

hurngchunlee commented 7 years ago

Issue created.