Access management in multi-institution Dataverse installation

28 views
Skip to first unread message

Philipp at UiT

unread,
May 29, 2017, 6:29:55 AM5/29/17
to Dataverse Users Community
As of today, we are running a single-institution installation of Dataverse. Employees and students at our university log in with their institutional credentials. Upon first log-in, a Dataverse account is created. Our main/root dataverse has the following access configuration: "Anyone with a Dataverse account can add datasets".

We are now testing a multi-institution installation of Dataverse, basically in the same vein as DataverseNL. In this new installation, the access configuration described above is somewhat unsatisfactory. We would like to change it to: "Anyone adding to this dataverse needs to be given access". However, we also would like to add new users automatically to selected user groups based on the affiliation, e.g. users with email addresses ending in @institutionX.no should be added to the user group "Institution X Dataset Creator".

Does anyone have any idea on how to accomplish such a solution? Maybe some of you already have implemented a script doing this? There are some previous threads on this/similar matters, i.a. one from DataverseNL, dating back to 2014 (see here), and a more recent one (see here). If I understood some of the replies to the last thread right, it is not recommended to add a script to for adding users to user groups to the core code, as this would make it more difficult to upgrade to new versions of Dataverse. Maybe there is another solution? An alternative, acceptable solution would be that the creation of a new account triggers an email to our curators, who then can add the new user to the appropriate user group.

Best,
Philipp

Philip Durbin

unread,
May 29, 2017, 7:35:45 AM5/29/17
to dataverse...@googlegroups.com
Hi Philipp,

A script on the side should be perfectly safe. You could write it in whatever language you want. It would call into existing Dataverse APIs that do things like:

- listAuthenticatedUsers
- createGroup
- addToGroup
- grantRoleOnDataset
- grantRoleOnDataverse
- getRoleAssignmentsOnDataverse
- getRoleAssignmentsOnDataset
- revokeRole


I first suggested this at https://groups.google.com/d/msg/dataverse-community/9uGLfUazWxU/_w0-iJhDAwAJ but I'm not sure if I'm being clear enough. I'm trying to say that Dataverse APIs expose a lot of user, group, and permission management. Hopefully, this means you can automate tasks as you see fit.

That said, I'd also encourage you to create a GitHub issue that describes the feature you want so that you don't have to write a bunch of scripts on the side.

Thanks,

Phil


--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.
To post to this group, send email to dataverse-community@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/9c3d376d-b705-4974-9b59-822ddbce4c95%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--

Philipp at UiT

unread,
May 30, 2017, 1:25:06 AM5/30/17
to Dataverse Users Community, philip...@harvard.edu
Thanks, Phil, for good advice! I'll have a look at it together with our Dataverse system admin.

Best,
Philipp
To post to this group, send email to dataverse...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages