Roles and Permissions Requirements
Definition
The management of system access, including read/write permissions for procedural, object, and organizational records.
Requirements
Adapted from the Canadian Heritage Information Network Collections Management Criteria Checklist
The system should allow authorized users to:
- Provide security for different levels of user, e.g. Administrator, Data Entry Clerk, Curator, Public Access, Scholarly Research.
- Define security at the function level, e.g. allow a user to access data entry functions only.
- Limit access to one or more specific fields within the system, e.g. amending location information.
- Limit access to a specific record or group of records within the system.
- Restrict certain functions to authorized personnel only, e.g. one user group has read-only access while another user group has the ability to delete data.
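An added example, not part of the original page or of the checklist it adapts: one way to evaluate the user, function, record and field levels listed above in a single deny-by-default check. The role names follow the list; the record groups, field names, Role class and is_allowed function are assumptions made for illustration.

```python
from dataclasses import dataclass

ALL = "*"  # wildcard used in the constructed policy below


@dataclass(frozen=True)
class Role:
    functions: frozenset        # function level: operations the role may invoke
    record_groups: frozenset    # record level: groups of records the role may reach
    writable_fields: frozenset  # field level: fields the role may amend


# Constructed sample policy; groups and field names are hypothetical.
ROLES = {
    "administrator": Role(frozenset({"create", "read", "update", "delete"}),
                          frozenset({ALL}), frozenset({ALL})),
    "curator": Role(frozenset({"read", "update"}),
                    frozenset({"on_display", "in_storage"}),
                    frozenset({"description", "location"})),
    "data_entry": Role(frozenset({"create", "read", "update"}),
                       frozenset({"on_display", "in_storage"}),
                       frozenset({"location"})),
    "public_access": Role(frozenset({"read"}),
                          frozenset({"on_display"}), frozenset()),
}


def is_allowed(role_name, function, record_group, field_name=None):
    """Return True only if every level explicitly grants the request."""
    role = ROLES.get(role_name)
    if role is None:                        # unknown role: deny
        return False
    if function not in role.functions:      # function-level check
        return False
    if ALL not in role.record_groups and record_group not in role.record_groups:
        return False                        # record-level check
    if function == "update":                # field-level check applies to amendments
        if field_name is None:
            return False                    # an update must name the field it touches
        return ALL in role.writable_fields or field_name in role.writable_fields
    return True


if __name__ == "__main__":
    print(is_allowed("data_entry", "update", "in_storage", "location"))   # True
    print(is_allowed("data_entry", "update", "in_storage", "valuation"))  # False
```

Because each level must grant the request, a role that is missing from the policy, or an update that does not name its field, is refused rather than allowed by omission.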
Standards, Guidelines + Use Cases
Use Cases and Community Design Workshop Notes
The NIST Model for Role-Based Access Control: Towards a Unified Standard
Wireframes
Wireframes - Administration - Roles and Permissions