"Authorizing a user in the role of DCX reviewer" does not apply any more

[robertoostenveld]

There was this section in the protocol for admins.

7. Authorizing Users at the Center Level

1. Authorizing a user in the role of DCX reviewer. Only DCX reviewers can view the data of all of a center’s collections. This role may be give to the center’s scientific integrity officer, as well as to the members of an audit committee.

I think that this does not apply any more, since we don't have explicit reviewers like this.

Do you agree @EricMaris?

[robertoostenveld]

Please note that I rewrote it to

1) add users as employees for the center 2) remove employees if their contract ends

[hadrianswall]

I think we do need the role of a DCX reviewer. It is correct that we no longer have a reviewer role at the collection level, but I think we need one at the center level if we want the centra to perform systematic checks of whether collections are built according to the RDM protocol.

We may also call this role DCX_viewer. Actually, this is better because we also have a viewer role at the collection level, and both roles pertain to read access to the data, although at different levels (center vs collection).

What do you think @robertoostenveld?

[robertoostenveld]

@EricMaris

There is not an obvious existing DCX employee to whom these responsibilities could be assigned at the moment. And I don't think the directors have given us the mandate to assign such (new) responsibilities to any DCX employee. It would not be a job for temporary employees anyway, and I would not be able to identify permanent staff that would get this task.

As I interpret the expectations from the directors, the PI (and nobody else) takes this responsibility. The PI is already (in most cases) the collection manager, so no additional reviewer is needed.

Note that I am personally not happy with this, and do think that this is to be done by a person who has been assigned the responsibility AND the authorization to check, which means that that person should also impose real consequences if the collection fails to meet the requirements. But if there are no possible consequences, there is also not a reason to check/review.

[hadrianswall]

@robertoostenveld

In a meeting that we had with David Norris and Pieter Medendorp, David promised that he would have the collections associated with DCCN publications checked (Pieter hesitated, though). This would be a check without any consequences for the repository-internal workflow. However, it would have consequences in evaluation meetings that the director has with the responsible PI. These consequences may be less than what we have hoped for, but if we now remove the functionality to give someone read access to all of a center's collections, then I don't see how David (and maybe Pieter) can live up to his promise of having publication-associated collections checked.

If some PI groups do not build collections according to the protocol, I would like to remind David of his promise, and point him to the IT functionality that we have built to accommodate this. At the end, when it comes to enforcement, we depend on the directors and, if DI RDM is successful, I expect further discussions with the directors about this issue.

[robertoostenveld]

To allow the directors to check this, we need reporting tools. That is not to be discussed here, and is further away on the timeline.

[hadrianswall]

Reporting tools must follow the authorisations of the user that receives the reports. I don't think we can postpone this.

[robertoostenveld]

reporting tools are not part of this wiki, please file it as user story in Jira