Versions Compared

Version Old Version 10 New Version 11
Changes made by

Megan Forbes

Megan Forbes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

User Story Summaries

...

are for capturing notes about broad user stories, or user story themes, related to a particular topic. These may be used as inspiration and source material for creating specific user stories, which may in turn be implemented in various system releases. Some of these broad stories, or themes, may not be implemented in the 1.0 release.

Security/Authentication

User can login to the system using a name and password

...

Admin can view/export all user profiles
excerpt

Roles & Permissions / Authorization / Access Control

_Authorization is the process by which a properly appointed person or persons grants permission to perform some action on system resources on behalf of an organization.

Access control means protection of system resources against unauthorized access; a process by which use of system resources is regulated according to a security policy and is permitted by only authorized entities (users, programs, processes, or other systems) according to that policy._

User level permission (rare): User is working on collection object CO2 in collection ABC, and has set exclusive privileges on collection object. CO2. Object CO2 exists only for the specified user.

Tenant level permissions: User has complete administrative (super-user) privileges for ABC over its collection. However, user does not have any access to collection XYZ. Any attempt by user to access XYZ should be denied.

Admin can create one or more roles, e.g. Administrator, Data Entry Clerk Curator, Registrar

Admin can assign c/r/u/d permissions to a role at the field, record, or function levelExample functions: Record status (active, inactive, not approved, reinstate, etc.)

  • Field level: e.g. read permission only for accession numbers, but write permission for the rest of an object record.
  • Record level: e.g. user can view loan records, but cannot update them. User cannot view valuation records.
  • Function level: e.g. user can change the status of a vocabulary term (e.g. provisional add to accepted term).

Admin can assign one or more roles to a user

Admin can remove one or more roles assigned to a user

Admin can view all roles assigned to a user

Admin can view all users assigned to a role

Questions

What does it look like when a user has read/write permission for only five fields?