Managing Permissions

From OSF Wiki
Jump to: navigation, search

Introduction

This page covers the two major permissions topics related to a OSF for Drupal instance:

  1. Dataset permissions
  2. OSF for Drupal modules permissions

The dataset permissions have to do with accessing and managing the data. The modules permissions have to be with accessing the OSF for Drupal tool into the web portal.

How Dataset Permissions Work

In OSF, all the datasets are governed by a series of access permissions. What these access permissions specify are the CRUD permissions for every group of users that exists in the system.

In OSF for Drupal, everything dataset does have Create, Read, Update and Delete permissions attached to all defined Drupal Roles. This means that all the users that have a specific role will inherit the CRUD permissions associated to that role.

By example, if the History Images Iowa City does define full CRUD permissions to the Contributor role, then it means that all the users that have this role will have full CRUD permissions on that History Images Iowa City dataset.

Managing Datasets Permissions

To change the permissions of a dataset, you have to click the Datasets top menu item.

Datasets menu link.PNG

Then select the dataset for which you want to change the permissions and click the down arrow at the right of the Edit link. Then click on the Permissions link.

Changing dataset permissions.png

Then you will get redirected to the section of the Drupal Permissions page where you will be able to configure the dataset permissions.

Datasets permissions.PNG

Every dataset that has been registered to a Drupal instance will appears in the global Drupal Permissions page. Each of the dataset will be highlighted using a different color. It is very important to understand the layout of that page to be able to properly configure the permissions of a dataset.

In the Permission column, we have each colored dataset outlined. We have their name, the endpoint where they are indexed, and the the access permissions (one per row): Create, Read, Update and Delete.

Then you will have one column per Drupal Role. In a default OSF for Drupal instance, you have the following roles defined:

  • Anonymous user
    • This is the guest user. Everybody that access the Drupal portal without being logged in, will be the Anonymous user
  • Authenticated user
    • This is a Drupal authenticated and logged-in user
  • Administrator
    • This is a system administrator. Administrator users always have full CRUD permissions on all registered datasets
  • Contributor
  • Owner/Curator

Let's take a few examples to understand how the permissions should be configured.

  • You want all the guest users of your Drupal portal to be able to read information about a dataset
    • What will be required is that the Read row be checked for the Anonymous user column. Then you have to make sure that the Create, Update and Delete checkboxes are unchecked.
  • You don't want the guest users of your Drupal portal to be able to read information about a dataset
    • What will be required is that you make sure that the Read row is unchecked for that dataset.
  • You want the Contributor users to be able to Create, Read and Update content, but not to delete it
    • What will be required is that the Create, Read and Update rows be checked for the Contributor column. Then you have to make sure that the Delete checkboxe is unchecked.

OSF for Drupal Modules Permissions

These are all the Drupal modules permissions that are related to OSF for Drupal. In this section, we are describing the impact of each of these configurable permission.

  1. OSF Entities Connector
    1. Administer resource types
      1. Specifies if the role can create, modify and delete resource type entities
    2. View resource
      1. Specifies if the role can view individual resource pages
    3. Edit resource
      1. Specifies if the role can edit individual resource pages. This will show the 'Edit' tab on the resource pages
    4. Export resource
      1. Specifies if the role can export individual resource pages in different exportation formats. This will show the 'Export' tab on the resource pages
    5. Advanced edition of ontologies resource
      1. Specifies if the role can can edit ontologies resources (classes and properties)
    6. Delete resource
      1. Specifies if the role can delete an individual resource page. This will show the 'Delete' tab on the resource pages
    7. Administer OSF for Drupal Entities
      1. Specifies if the role can create, modify and delete resources
    8. Add Resource Entity Records
      1. This displays the + Add link to add a new resource in the resources tab
    9. View revisions of resource entities
      1. Specifies if the role can view the revisions tab for the resources
    10. Revert revisions of resource entities
      1. Specifies if the role can revert revisions of a resource
    11. Delete revisions of resource entities
      1. Specifies if the role can delete revisions of a resource
    12. Unpublish revisions of resource entities
      1. Specifies if the role can unpublish revisions of a resource
    13. Compare revisions of resource entities
      1. Specifies if the role can compare resource revisions
  2. OSF Export
    1. access osf export
      1. Specifies if the role can access the OSF Export module
    2. administer osf export
      1. Specifies if the role can administer the OSF Export module settings
  3. OSF Import
    1. access osf import
      1. Specifies if the role can access the OSF Import module
    2. administer osf import
      1. Specifies if the role can administer the OSF Import module settings
  4. OSF Ontology
    1. access osf ontology
      1. Specifies if the role can access the OSF Ontology module
    2. administer osf ontology
      1. Specifies if the role can administer the OSF Ontology module settings
  5. OSF Query Builder
    1. Access OSF Query Builder
      1. Specifies if the role can access the OSF Query Builder module
  6. OSF Search API Connector
    1. administer osf osf_searchapi
      1. Specifies if the role can access the OSF SearchAPI module
  7. OSF for Drupal Core
    1. access osf
      1. Specifies if the role can access the OSF Core module
    2. administer osf
      1. Specifies if the role can administer the OSF Core module settings
    3. access osf proxy
      1. Specifies if the role can access the OSF for Drupal proxy.
      2. The management of this permission is quite important since all the JavaScript applications that uses Ajax queries to the OSF Web Services are using this proxy.
  8. OSF for Drupal Search Profiles
    1. Administer search profiles
      1. Specifies if the role can administer the OSF SearchProfiles module settings
  9. OSF for Drupal config
    1. Administer OSF for Drupal configurations
      1. Specifies if the role can administer the OSF Configure module settings