Technical information
In this section a brief overview of the rights management and user groups of easydb / Collections@UBT is given. For more information about the functionality of the system, please refer to our brief User's Guide in the Guides and documentation section or the original easydb documentation.
Rights Management
The rights management in Collections@UBT is in many parts multi-level, additive, and customizable by administrators in real-time. The rights management changes the searchability and visibility of data and data sets.
Essentially there is the possibility to
- define the rights and authorizations at the level of the system in order to control access for users and user groups to defined areas
- configure authorizations at the level of the content and thus control the visibility of records
Records management functions in said defined areas:
- object type
- pool
- tags
- record (Object / Data)
Rights assigned to the first two levels 'object type' and 'pool' refer to groups of records. They affect all records assigned to the respective range. The use of tags refers to groups of records as well as individual records.
In principle, it is possible to set up rights for individual users and user groups. By combining the system of data and user rights, a very differentiated management of rules is possible, as not only static access rights, but also dynamic rights processes can be represented.
- UserHide
-
Users are managed in easydb by administrators, members of groups that have the respective right predefined or in case of university members by means of the IDM system of the University of Bayreuth (LDAP). Apart from the administrators, members of groups that have the respective right predefined can indirectly create new users (for example, e-mail users with customized rights).
- GroupsHide
-
Each user is at least in one group or may be member of several groups. If a user is a member of several groups, all the rights which are granted in the respective groups add up and are assigned to the user.
In Collections@UBT respective rights are assigned groupwise (apart from created e-mail users, that may have customized rights choosen by the creating user). Details on user groups in Collections@UBT shown in the section below.
- Object typesHide
-
On this level, rights are assigned for all data records of an object type, including field rights (display, change, delete, ...) for various fields of the data model. These rights can not be withdrawn via other layers such as pools, tags and individual data sets themselves. Object types are created by administrators in the data model.
For object types with customized authorizations and field rights fitting the needs of your research or the presentation of your data, feel free to get in touch with us.
- PoolsHide
-
easydb stores records for whose object type pool management is enabled in pools. Said pools can be used:
- to structure the content
- to record organizational structure
- for data operations
Pools are managed in a hierarical structure. All the settings that are made in a parent pool are sent out to all children (including child children, etc.), so basically, the pools inherit configured attributes to their children, including the rights. These setting may also be overridden in the child pools (children).
On the pool level, user and group rights for records that are located in this pool (or in subordinate pools) can be defined (for example, the visibility of the pool to certain user groups / the public).
- to structure the content
User groups in Collections@UBT
In Collections@UBT three user groups with respective rights may apply to university members. Detailed information on the priveleges of any user group is shown in the overview below. Priveleges concerning data operations (e.g. download, sharing, ...) only apply, if respective rights are granted to single users or user groups.
Any university member logging in to Collections@UBT for the first time is categorized as 'LDAP user' (default user) in the first instance. If you intend to use Collections@UBT for sharing your data, please get in touch with us!
| worldwide | university members | |||
| Available functions | anonymous user | LDAP user | collection manager | collection administrator |
| Own user data | ||||
| Own account | x | ✔ | ✔ | ✔ |
| Edit own user data | x | ✔ | ✔ | ✔ |
| Manage own folders | x | ✔ | ✔ | ✔ |
| Share own folders (internally, by link) | x | ✔ | ✔ | ✔ |
| Data retrieval & receipt | ||||
| Access to search functions | ✔ | ✔ | ✔ | ✔ |
| Download data | ✔ | ✔ | ✔ | ✔ |
| Export data | ✔ | ✔ | ✔ | ✔ |
| Print data | ✔ | ✔ | ✔ | ✔ |
| Detailed view for metadata | ✔ | ✔ | ✔ | ✔ |
| Export metadata | ✔ | ✔ | ✔ | ✔ |
| View changelog | x | ✔ | ✔ | ✔ |
| Data provision | ||||
| Manage pools (create, delete) | x | x | ✔ | ✔ |
| Manage objects (create, copy, move, delete) | x | x | ✔ | ✔ |
| Use bulk editior | x | x | ✔ | ✔ |
| Use advanced importers (csv, json) | x | x | x | ✔ |
| View published objects | ✔ | ✔ | ✔ | ✔ |
| Publish objects | x | x | ✔ | ✔ |
| Unpublish objects | x | x | x | ✔ |
| Access rights | ||||
| Create user and registration (non-university members) | x | x | ✔ | ✔ |
| Grant permissions for created user | x | x | ✔ | ✔ |
| Grant permissions for existing user | x | x | x | ✔ |