Restricted dataset communication workflow

[Thomas Jouneau]

Dear all

I might be opening an issue about this but I want to check first if I'm
not missing something.

We want our users to be as free as possible regarding the communication
of the data they've uploaded and put in restricted access.

Some questions :

- Is there a way to enable an access request to someone without a
Dataverse account? We would ideally like to not have a new account
(builtin or Shibboleth) created with each access request ;

- When an access request is performed, all those with the permission
"ManageDatasetPermissions" receive a mail alert, but not the requester :
is this the way it should be?

- Is there a way to make the dataset creator more autonomous with these
requests? Someone with only the "Dataset creator" or the "Contributor"
role at the collection level will not receive any alert and won't be
able to grant access. They lack "ManageDatasetPermissions" at the
dataset level. Is there a way to grant the dataset creators, the right
to manage the permissions of their datasets, without having to ask the
curator every time?

Thanks,

Thomas

[Philip Durbin]

Hi Thomas,

When someone is granted access to a file, the permission needs to be added to an account. The current "request access" workflow facilitates the user creating an account before requesting access. This could work differently, I suppose, but we'd at least need to store an email address or some other way to contact the person who is requesting access. And eventually they'd need to create an account (again, to hang the permission on). The standard way for someone to informally request access (or ask any question) is to use the "Contact Owner" button.

I believe notifications are working more or less as designed but you are very welcome to open issues to discuss changes. There's been some amount of curation of open notification issues in this "revisit notifications" issue: https://github.com/IQSS/dataverse/issues/1336

With regard to permissions, they get complicated fast but you're welcome to open an issue about this as well. Recently we merged a pull request* where we split a permission in two, so who knows, perhaps additional slicing and dicing is possible. :)

I hope this helps,

Phil

* https://github.com/IQSS/dataverse/pull/8174

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/1da61bd2-3903-e97a-865f-87e30515b41b%40gmail.com.

--

Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin

[James Myers]

FWIW: If I understand correctly, the PR Phil mentions (supported by DANS) does exactly what you want – you can create a role similar to Curator that has the new ManageFilesPermission (which allows you to grant access requests) without the ManageDatasetPermission (which would let you assign yourself/others roles on the dataset) and give dataset creators that role so they can function as contacts and respond to access requests.

 

If not – feel free to provide more info on your use case and/or open an issue.

 

-- Jim

To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/CABbxx8GFtrN5Sx3BCwOwsGE7ar7dG%2Bc3EtpZkRNp1d3V3NiMYg%40mail.gmail.com.