Open ckarpinski opened 1 year ago
Found another issue with importers being available to all - there is no deposit agreement acknowledgement when you bulk import.
This is not a requirement for this task; this is simply pointing out a problem with the current setup.
QUESTION/Concern - If a "registered user" is added as a depositor to an Admin Set, will that then give them importer/exporter access with the new setup? Right now it would. In our case I think it would be preferred that importer/exporter access is only ever given by adding the user to a group with those permissions.
Tested on the demo tenant
I created a new user "shana@scientist.com". When part of the Advanced Depositors I can see and visit the importers/exporters links.
When that user is just a depositor I cannot. However, I can still create a work.
This part of the ticket is not yet happening - "users should only have access to importers/exporters that they created. (advanced option would be to be able to share them, I don't think we need that at this time)"
When I create a user with Advanced Depositor group they should not be able to see importers or exporters other accounts created. For our tenant we want libraries to be able to bulk upload but we don't want them to be able to run our admin imports or edit theme etc. or those by other libraries.
Live site - I just added the role depositor to a user and logged in as them and they can see import/export and they can see all of them. They should not be able to see any of that.
rake hyku:roles:create_default_roles_and_groups
Summary
There appears to be no way to limit access to the importer/exporter tool. Any user who can deposit gets access to all the existing importers and exporters. They can edit or delete existing importers or exports that they did not create (did not test what happens if they re-run one).
We need this to not be the case. I checked in with Nic at PALS to see if this would also be beneficial to them. He suggested the second bullet list approach.
Importer/exporter should be something you can determine which users or user groups get access to - too much potential for making a mess or breaking things. Using the importer is not a beginner level task so we do not want all users that deposit works to have access to this.
Client confirmed 2023-11-09 to proceed with bullet number 2.
Users should only have access to importers/exporters that they created. (advanced option would be to be able to share them, I don't think we need that at this time)
Create an additional user group called "Advanced Depositors" that has the permissions Depositors have with the addition of access to importers/exporters, leaving "Depositors" to not have access to importers/exporters but still able to do one work at a time. (The first point should be covered in this pathway as well)
And/OR importer/exporter access would be part of the "depositors" group. But there would be an option to remove it from that group. (Possibly then it would be a permission that could be added to a custom group created by the admin - that may be the most flexible way to go)
Acceptance Criteria
UPDATED per Client Review: