Groups
Last updated
Last updated
User groups are used to assign user permissions in LIBSAFE to the registered users, to classify these according to their roles and also to define the access they have to the preservation repository.
User groups should be defined considering the following aspects:
Whether the user is a system administrator, a preservation administrator (manager), a producer or a consumer. Other roles may be applied, but it has to be taken into account that the defined permissions are designed based on the listed roles.
The defined preservation areas, for those users where this is relevant.
Assigning permissions through groups (profiles) is common in the computer community, to limit the risks of an improper access to data, as well as to protect the confidentiality, integrity, and survival of the involved systems.
In small size installations, it may be reasonable to ignore preservation areas when assigning permissions, and thus making a grouping structure. In big size installations, it may be reasonable to limit ingestion areas through associated groups, at least to producers. In installations that imply confidentiality or rights management and limitations, it may be reasonable to limit retrieve areas, through associated groups, to the designated community.
User groups may be activated and deactivated, without any implication as per their relation to specific users.
New and edit pages for groups are similar in case of access by a system administrator or by a user checking the definition data of the groups this belongs to. The difference is which of all the data fields is editable. The implied fields are:
Name of the user group.
Description.
Category. A DDL control allows for a single selection of one of the following: users, preservation administrator or system administrator. This is an important association, for the later management of permissions and the assignment of receivers for the notifications of the alarm system.
Status: active/inactive. Inactive groups have no effect, apart from not being shown in the selection areas.
Permissions. In a row with a sub-table with the permissions to associate. The system shows each permission: its association with the group or not, its category, and its association with preservation areas, if applicable (through a multiple selection DDL).