
RO protection

A Research Object has one author (the creator), and this is the starting point. A Research Object can have many contributors, or it can be totally private, read-only and so on. Everything depends on the Research Object mode defined by the creator and the permissions the creator grants.

  • PRIVATE - Private mode makes the Research Object invisible to everyone who doesn't have specific permissions. Access to private ROs is given by permission links. A permission link is generated by the author of the RO for a particular user to let them read or edit.
  • PUBLIC - Public is the default mode. It makes the Research Object visible and readable for everyone. People with the contributor role can edit.
  • OPEN - It makes the Research Object visible, readable and editable for everyone.

Roles

  • OWNER - Can change the Research Object mode, grant permissions, delete the Research Object and edit.
  • EDITOR - Can read and edit (can upload new resources to the Research Object and edit those already existing).
  • READER - Can read (can search for Research Objects and their annotations; can also download a Research Object or a particular resource aggregated in it).
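
The modes and roles above combine into one access decision. The sketch below is an added example, not code from the project: the class and function names, the MANAGE action (grouping mode changes, grants and deletion), treating "contributor" as EDITOR, and modelling a permission link as a stored role are all assumptions.

```python
from enum import Enum

Mode = Enum("Mode", "PRIVATE PUBLIC OPEN")
Role = Enum("Role", "OWNER EDITOR READER")
# MANAGE is an assumed name for: change mode, grant permission, delete.
Action = Enum("Action", "READ EDIT MANAGE")

# Actions each role carries, taken from the Roles list.
ROLE_ACTIONS = {
    Role.OWNER: {Action.READ, Action.EDIT, Action.MANAGE},
    Role.EDITOR: {Action.READ, Action.EDIT},
    Role.READER: {Action.READ},
}
# Actions the mode gives to a user who holds no role at all.
MODE_ACTIONS = {
    Mode.PRIVATE: set(),
    Mode.PUBLIC: {Action.READ},
    Mode.OPEN: {Action.READ, Action.EDIT},
}

class ResearchObject:
    def __init__(self, uri, creator, mode=Mode.PUBLIC):  # PUBLIC is the default mode
        self.uri = uri
        self.mode = mode
        self.roles = {creator: Role.OWNER}

    def is_allowed(self, user, action):
        # Union of what the mode gives everyone and what the user's role adds.
        allowed = set(MODE_ACTIONS[self.mode])
        role = self.roles.get(user)
        if role is not None:
            allowed |= ROLE_ACTIONS[role]
        return action in allowed

    def _require_manage(self, user):
        if not self.is_allowed(user, Action.MANAGE):
            raise PermissionError(f"{user} may not manage {self.uri}")

    def grant(self, granter, user, role):
        # Stands in for issuing a permission link to one particular user.
        self._require_manage(granter)
        self.roles[user] = role

    def set_mode(self, user, mode):
        self._require_manage(user)
        self.mode = mode
```

No mode ever contributes MANAGE, so even an OPEN Research Object can only be re-moded or have permissions granted by someone holding the OWNER role.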

Granularity

For simplicity, in the first implementation permissions can be applied only to Research Objects. The implementation and API should be easy to extend to other containers (folders) or even single resources if needed. In general, in this concept everything that has its own URI can be protected by an access control policy if needed.

API

Granting Rules

add new role/roles

delete an existing role

query roles

Setting Research Object mode

set mode

query mode

add new role/roles

delete an existing permission link

query permission links
