Different Permission Tiers for Users - Creating a sub-Admin/super-Viewer role that can submit and edit, but not review or administrate

[Arta Seyedian]

Hello,

I am struggling with setting up the DSpace Workflow because we want to configure the item submission process in the following way:

1. There are users called "Viewers" who are simply allowed to view and maybe export items but nothing more (default, non-privileged DSpace user)

2. There are "Depositors" who are allowed to deposit items into DSpace like a drop box and even edit metadata but nothing more. Anything they submit must go through a review process.

3. Full admins.

It seems, however, that out-of-the-box, DSpace only supports 1 and 3. I am trying to understand how to create 2. Unfortunately, it doesn't seem like DSpace's Workflow configuration has a built-in "can submit" permission/step. 

Ideally, we would like to just create an elevated Viewer role that can submit items and edit metadata, but doesn't have access to the Admin sidebar. Have others implemented something like this? How did you approach it?

Thank you,

Arta