Research Object has one author (creator) and this is a start point. Research object can have many contributors as well as be totally private, be read-only and so on. Everything depends on the Research Object mode defined by creator and permission granted by him.
- PRIVATE - private mode makes Research Object invisible for everyone who doesn't have specific permissions. People with the reader role can read, people with the editor role can read and edit this particular Research Object.
- PUBLIC - public is a default mode. It makes Research Object visible and readable for everyone. People with the contributor role can edit.
- OWNER - Can change Research Object mode, grant permission, delete Research Object, read and edit.
- EDITOR - Can read and edit (Can upload new resources to Research Object and edit those already existing).
- READER - Can read (Can search for Research Objected and its annotations. Can also download a Research Object or particular resource aggregated in this Research Object).
For simplicity, in the first implementation permissions can be applied only to Research Objects. The implementation and API should be easy to extend on other containers (folders) or even single resources if it's needed. In general in this concept everything what has own uri can be protected by access control policy if it's needed.
add new role/roles
delete an existing role
Setting Research Object mode