User Story Summaries are for capturing notes about broad user stories, or user story themes, related to a particular topic. These may be used as inspiration and source material for creating specific user stories, which may in turn be implemented in various system releases. Some of these broad stories, or themes, may not be implemented in the 1.0 release.
Security/Authentication
User can login to the system using a name and password
...
Admin can create one or more roles, e.g. Administrator, Data Entry Clerk, Curator, Registrar
Admin can assign c/r/u/d (no access, read only, create/update, or delete) permissions to a role at the collection, field, record, or function level
- Collection level: Happy scenario 1: Bob is authorized to access collection object CO1 from collection ABC. Bob's attempt to access collection object CO1 from collection ABC should be allowed.
- Happy scenario 2: Roger is a grad student at university XYU. Roger wants to access collections of collection ABC. Without proper authorization from collection ABC, all requests by Roger to access any part of collection ABC should be denied.
- Field level: e.g. read permission only for accession numbers, but write permission for the rest of an object record.
- Procedural/Record level: e.g. user can view loan records, but cannot update them. User cannot view valuation records. Scenario 1: Bob wants to update collection object CO1. However, Bob has only read permission to access collection ABC. Bob's attempt to update collection object CO1 should be denied. Scenario 2: Curator Calvin is working on collection object CO2 at ABC. Calvin has set exclusive privileges on CO2. He does not want anyone at ABC to access CO2. CO2 exists only for Calvin.
Admin can assign no access, read only, create/update, or delete permissions to a role at the procedural level
- Alice is in legal at ABC. She has permissions to access loans. However, she does not have any permission to access CO1. Alice should be allowed to access loan L1 but she should not be allowed to access CO1.
- Bob is authorized to access (view-only) loans. However, he is not allowed to see the transaction details of any loan.
Admin can assign no access, read only, create/update, or delete permissions to a role at the field level
- Carol has write access to collection object CO1 from collection ABC, but she has read only access to CO1's accession number.
Admin can assign no access, read only, create/update, or delete permissions to a role at the function level
- Ted can change the status of a vocabulary term (e.g. from provisional add to accepted term).
Admin can assign no access, read only, create/update, or delete permissions at the item level (rare)
- Curator Calvin is working on collection object CO2 at ABC. Calvin has set exclusive privileges on CO2. He does not want anyone at ABC to access CO2. CO2 exists only for Calvin.
Admin can assign one or more roles to a user
Admin can remove one or more roles assigned to a user
...
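The scenarios above can be read as test cases for a permission check. The following Python sketch is an added example, not code from the project this page describes; it covers the collection, procedure/record, field and item levels. The role names, the field names (`accessionNumber`, `transactionDetails`), the ordering of permission levels and the most-specific-rule-wins resolution are assumptions.

```python
from enum import IntEnum

class Perm(IntEnum):
    # Assumption of this sketch: levels are ordered, each implying the ones below.
    NONE = 0
    READ = 1
    WRITE = 2    # create/update
    DELETE = 3

# Constructed sample policy. Keys are (collection, procedure, field);
# field None is the record-level rule for that procedure.
ROLE_GRANTS = {
    "curator": {("ABC", "collectionobject", None): Perm.WRITE,
                ("ABC", "collectionobject", "accessionNumber"): Perm.READ},
    "viewer": {("ABC", "collectionobject", None): Perm.READ,
               ("ABC", "loan", None): Perm.READ,
               ("ABC", "loan", "transactionDetails"): Perm.NONE},
    "legal": {("ABC", "loan", None): Perm.WRITE},
}
USER_ROLES = {"carol": {"curator"}, "calvin": {"curator"}, "bob": {"viewer"},
              "alice": {"legal"}, "roger": set()}
# Item-level exclusive privilege: only the named user may touch the item.
ITEM_OWNER = {("ABC", "CO2"): "calvin"}

def role_perm(grants, collection, procedure, field):
    """Most specific rule wins: the field rule if present, else the record rule."""
    for key in ((collection, procedure, field), (collection, procedure, None)):
        if key in grants:
            return grants[key]
    return Perm.NONE  # no rule means no access (deny by default)

def is_allowed(user, needed, collection, procedure, item=None, field=None):
    owner = ITEM_OWNER.get((collection, item))
    if owner is not None and owner != user:
        return False  # exclusive item: role grants do not apply to other users
    # Across a user's roles, the highest resolved permission applies.
    best = max((role_perm(ROLE_GRANTS[r], collection, procedure, field)
                for r in USER_ROLES.get(user, ())), default=Perm.NONE)
    return Perm.NONE < needed <= best
```

Because roles are combined by taking the highest permission, a field restriction in one role is lifted by a broader grant in another role held by the same user. A design that needs restrictions to hold across roles would evaluate the restrictive rules first.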