Why are we doing this? What user stories does it support? What is the expected outcome?
Purpose:
Certain organizations require all records to undergo a mandatory review process before publishing. Currently, any user can create communities and set the review policy to "open," which bypasses this mandatory review requirement without instance-level overrides.
Objective:
The goal is to ensure that community managers strictly adhere to organizational rules, minimizing the risk of human error and eliminating the need for instance-level permission overrides that complicate maintainability.
Previouse to invenio-rdm-recordsV15.6. overrides were needed on the instance level for both records and community permissions, the community permissions override still exists and should be removed.
Solution:
Introduce a community-creator role that limits community creation capabilities exclusively to authorized users. While these users will act as community managers, they will not have unrestricted control over community membership policies (e.g., they cannot set an open acceptance policy without review). This ensures compliance with organizational rules.
Summary
What are you proposing to change (high-level overview only)?
Proposed Changes:
Enforce Closed Review Policy: When the "Require Community on Publish" feature is enabled, enforce a closed review policy across all communities to guarantee that the mandatory review process is followed.
UI Adjustments: Modify the interface to hide or disable community creation and review policy options for users who lack the necessary community-creator role.
Community Creator Role: Establish a new role, "Community Creator," to restrict community creation privileges to selected, authorized users only.
Eliminate the requirement for instance-level permission overrides
Which resources do you have available to implement this RFC and what is your overall timeline?
Development Effort: Available to implement the remaining features.
Note: Creating a new RFC is a moderated process. Your request will be reviewed by the Invenio Architects on their weekly meeting. This is to aid scoping the RFC and avoid duplication of RFCs. If accepted, an architect is assigned to your RFC as your point-of-contact, and the architect will support you in writing the RFC.
Samk13
commented
2 weeks ago
Motivation
Purpose:
Certain organizations require all records to undergo a mandatory review process before publishing. Currently, any user can create communities and set the review policy to "open," which bypasses this mandatory review requirement without instance-level overrides.
Objective:
The goal is to ensure that community managers strictly adhere to organizational rules, minimizing the risk of human error and eliminating the need for instance-level permission overrides that complicate maintainability. Previouse to
invenio-rdm-recordsV15.6. overrides were needed on the instance level for both records and community permissions, the community permissions override still exists and should be removed.Solution:
Introduce a
community-creatorrole that limits community creation capabilities exclusively to authorized users. While these users will act as community managers, they will not have unrestricted control over community membership policies (e.g., they cannot set an open acceptance policy without review). This ensures compliance with organizational rules.Summary
Proposed Changes:
community-creatorrole.For more details see: 183
Resources
Development Effort: Available to implement the remaining features.