Listings of User Roles and Privileges

From EPrints Documentation
Revision as of 00:50, 30 August 2022 by Drn@ecs.soton.ac.uk (talk | contribs) (User Privileges: added subject privs with descriptions)
Jump to: navigation, search

This page is intended to be a near exhaustive listing of roles and privileges that can be assigned to a user to allow them to carry out certain actions.

Contents

User Roles

admin
indexer/start, indexer/stop, indexer/force_start, create_user, subject/edit, staff/user_search, staff/history_search, staff/issue_search, config/view, config/view/xml, config/view/workflow, config/view/citation, config/view/phrase, config/view/namedset, config/view/template, config/view/static, config/view/autocomplete, config/view/apache, config/view/perl, config/test_email, config/imports, config/add_field, config/remove_field,config/regen_abstracts, config/regen_citations, config/regen_views, config/edit/perl, storage_manager, repository/epm, event_queue/destroy, #event_queue/details/event_queue/details, event_queue/edit, event_queue/export, event_queue/view, eprint/destroy, eprint/details, eprint/edit, eprint/export, eprint/upsert, eprint/view, eprint/archive/remove, eprint/archive/edit, file/destroy, file/export, file/view, import/view, import/edit, saved_search/destroy, saved_search, saved_search/edit, saved_search/export, saved_search/view, user/remove, user/edit, user/view, user/details, user/destroy, user/history, user/staff/edit, repository/epm
change-email
Currently empty
change-user
Currently empty
deposit
items, create_eprint, user/history:owner, eprint/inbox/view:owner, eprint/inbox/export:owner, eprint/inbox/summary:owner, eprint/inbox/destroy:owner, eprint/inbox/deposit:owner, eprint/inbox/edit:owner, eprint/inbox/remove:owner, eprint/inbox/details:owner, eprint/inbox/history:owner, eprint/inbox/messages:owner, eprint/inbox/issues:owner, eprint/inbox/use_as_template:owner, eprint/inbox/derive_version:owner, eprint/buffer/view:owner, eprint/buffer/export:owner, eprint/buffer/summary:owner, eprint/buffer/move_inbox:owner, eprint/buffer/details:owner, eprint/buffer/history:owner, eprint/buffer/messages:owner, eprint/buffer/request_removal:owner, eprint/buffer/use_as_template:owner, eprint/buffer/derive_version:owner, eprint/archive/view:owner, eprint/archive/export:owner, eprint/archive/summary:owner, eprint/archive/details:owner, eprint/archive/history:owner, eprint/archive/messages:owner, eprint/archive/request_removal:owner, eprint/archive/use_as_template:owner, eprint/archive/derive_version:owner, eprint/deletion/view:owner, eprint/deletion/export:owner, eprint/deletion/summary:owner, eprint/deletion/details:owner, eprint/deletion/history:owner, eprint/deletion/messages:owner, eprint/deletion/use_as_template:owner, eprint/deletion/derive_version:owner
general
user/view:owner, user/details:owner, user/history:owner
edit-config
config/edit, config/edit/xml, config/edit/workflow, config/edit/citation, config/edit/phrase, config/edit/namedset, config/edit/template, config/edit/static, config/edit/autocomplete, config/reload
edit-own-record
user/edit:owner
editor
datasets, editorial_review, eprint/inbox/view:editor, eprint/inbox/export:editor, eprint/inbox/summary:editor, eprint/inbox/export:editor, eprint/inbox/details:editor, eprint/inbox/history:editor, eprint/inbox/messages:editor, eprint/inbox/remove_with_email:editor, eprint/inbox/move_archive:editor, eprint/inbox/move_buffer:editor, eprint/inbox/use_as_template:editor, eprint/inbox/derive_version:editor, eprint/inbox/edit:editor, eprint/inbox/takelock:editor, eprint/buffer/view:editor, eprint/buffer/export:editor, eprint/buffer/summary:editor, eprint/buffer/export:editor, eprint/buffer/details:editor, eprint/buffer/history:editor, eprint/buffer/messages:editor, eprint/buffer/issues:editor, eprint/buffer/remove_with_email:editor, eprint/buffer/reject_with_email:editor, eprint/buffer/move_inbox:editor, eprint/buffer/move_archive:editor, eprint/buffer/use_as_template:editor, eprint/buffer/derive_version:editor, eprint/buffer/edit:editor, eprint/buffer/takelock:editor, eprint/deletion/view:editor, eprint/deletion/export:editor, eprint/deletion/summary:editor, eprint/deletion/export:editor, eprint/deletion/details:editor, eprint/deletion/history:editor, eprint/deletion/messages:editor, eprint/deletion/move_archive:editor, eprint/deletion/use_as_template:editor, eprint/deletion/derive_version:editor, eprint/deletion/takelock:editor,
rest
eprint/archive/rest/get:editor, eprint/archive/rest/put:editor, eprint/buffer/rest/get:editor, eprint/buffer/rest/put:editor, eprint/inbox/rest/get:editor, eprint/inbox/rest/put:editor, eprint/deletion/rest/get:editor, eprint/deletion/rest/put:editor, eprint/inbox/rest/get:owner, eprint/inbox/rest/put:owner, eprint/buffer/rest/get:owner, eprint/archive/rest/get:owner, eprint/deletion/rest/get:owner, user/rest/get:owner, subject/rest/get
saved-searches
saved_search, create_saved_search, saved_search/view:owner, saved_search/edit:owner, saved_search/destroy:owner
set-password
set-password
staff-view
eprint/inbox/view, eprint/inbox/summary, eprint/inbox/export, eprint/inbox/details, eprint/inbox/history, eprint/buffer/view, eprint/buffer/summary, eprint/buffer/export, eprint/buffer/details, eprint/buffer/history, eprint/archive/view, eprint/archive/export, eprint/archive/details, eprint/archive/history, eprint/deletion/view, eprint/deletion/summary, eprint/deletion/export, eprint/deletion/details, eprint/deletion/history, eprint/search/staff
toolbox
toolbox
view-status
status

Roles used by User Types (as of EPrints 3.4.x)

minuser
general, edit-own-record, saved-searches, set-password, lock-username-to-email
user
general, edit-own-record, saved-searches, set-password, deposit, change-email
editor
general, edit-own-record, saved-searches, set-password, deposit, change-email, editor, view-status, staff-view
admin
general, edit-own-record, saved-searches, set-password, deposit, change-email, editor, view-status, staff-view, admin, edit-config

User Privileges

config

config/add_field

Add a bespoke field to a data object, using the web browser interface.

config/delete/FILETYPE

Delete a configuration file. This can optionally be restricted to a file of a particular FILETYPE: autocomplete, citation, namedset, perl, phrase, static, template, workflow, xml. Some of these types can overlap, e.g. workflow is also xml.

config/edit/FILETYPE

Edit a configuration file. This can optionally be restricted to a file of a particular FILETYPE: autocomplete, citation, namedset, perl, phrase, static, template, workflow, xml. Some of these types can overlap, e.g. workflow is also xml.

config/imports

Unused by default. Intended for managing bulk imports to a repository archive.

config/regen_abstracts

Drops the abstract pages cache so abstract pages can be regenerated.

config/regen_citations

Drops the citations cache so citations can be regenerated.

config/regen_views

Drops the browse view cache so browse view pages can be regenerated.

config/reload

Reload the repository configuration.

config/remove_field

Remove a field from a data object. (Only fields created via the web browser interfaces, not pre-created through archive configuration).

config/test_email

View the "Send test email" page to send a test email to a specified address to confirm email sending is working as expected.

config/view/FILETYPE

View a configuration file. This can optionally be restricted to a file of a particular FILETYPE: autocomplete, citation, namedset, perl, phrase, static, template, workflow, xml. Some of these types can overlap, e.g. workflow is also xml.

eprint

Some eprint privileges can be specialised by the STATUS of the the eprint (e.g. inbox, buffer, archive or deletion and the USERTYPE (e.g. owner or editor). The privilege eprint/view would allow the user to view any eprint, eprint/archive/view would only allow them to view eprints in the live archive and eprint/inbox/view:owner would only allow them to view eprints in the user workarea if they were owned by the user.

create_eprint

Create a new eprint, which will initial appear in that user's workarea.

eprint_search

View and use eprint search across live archive.

eprint/reject_with_email

Reject the eprint under review (returning to user's workarea) and email eprint's owner about this.

eprint/remove_once_archived

Completely remove an eprint even if it is or has been in the live archive.

eprint/remove_with_email

Completely remove an eprint and email eprint's owner to about this.

eprint/staff/search

View and use full eprint search across all statuses of eprint.

eprint/STATUS/deposit:USERTYPE

Deposit an eprint. Typically this would be just changing it status from inbox to buffer, so the eprint can be reviewed.

eprint/STATUS/derive_version:USERTYPE

Create a new version of a chosen eprint. Copying the metadata and setting the succeeds field to that of that chosen eprint.

eprint/STATUS/destroy:USERTYPE

Completely delete an existing eprint.

eprint/STATUS/details:USERTYPE

View the Details tab for an eprint.

eprint/STATUS/edit:USERTYPE

Edit the metadata for an eprint

eprint/STATUS/export:USERTYPE

Export the metadata for an eprint in one or more different formats.

eprint/STATUS/history:USERTYPE

View the History tab for an eprint.

eprint/STATUS/issues:USERTYPE

View the Issues tab for an eprint.

eprint/STATUS/messages:USERTYPE

View the Messages tab for an eprint.

eprint/STATUS/move_archive:USERTYPE

Move an eprint to the live archive. (I.e. change its status, normally from buffer to archive).

eprint/STATUS/move_buffer:USERTYPE

Move an eprint back to the review buffer. (I.e. change its status to buffer).

eprint/STATUS/move_deletion:USERTYPE

Retire an eprint. (I.e. change its status, normally from archive to deletion).

eprint/STATUS/move_inbox:USERTYPE

Move an eprint back to a user's workarea. (I.e. change its status, normally from buffer to inbox).

eprint/STATUS/remove:USERTYPE

Completely remove an eprint.

eprint/STATUS/request_removal:USERTYPE

Request that an existing eprint is removed, (e.g. because it is a duplicate or has been added erroneously).

eprint/STATUS/rest/get:USERTYPE

An eprint's metadata can be retrieved using the REST API.

eprint/STATUS/rest/put:USERTYPE

An eprint's metadata can be set using the REST API.

eprint/STATUS/view:USERTYPE

View an eprint and a rendering of its metadata

eprint/STATUS/summary:USERTYPE

View the Summary' tab of an eprint.

eprint/STATUS/takelock:USERTYPE

Take the edit lock on an eprint.

eprint/STATUS/upsert:USERTYPE

Overwrite the existing metadata for an eprint. Typically with a PUT request via an API not through the repository's web browser interface.

eprint/STATUS/use_as_template:USERTYPE

Use metadata from a chosen eprint to create a new eprint, which is not a new version of that chosen eprint.

event_queue

event_queue/destroy

Completely delete an event queue task.

event_queue/details

View the Details tab for an event queue task.

event_queue/edit

Edit an event queue task. (E.g. change the time it should run or reset its status if it has failed.)

event_queue/export

Export the metadata for an event queue task.

event_queue/view

View the metadata for an event queue task.

file

file/destroy

Completely delete a file record.

file/export

Export the metadata for a file record.

file/view

View the metadata for a file record.

import

import/view

View the metadata for an import.

import/edit

Edit the metadata for an import.

indexer

indexer/force_start

Force start the indexer, if the repository thinks it is still running but no event queue tasks are being processed.

indexer/start

Start the indexer if it is not currently running.

indexer/stop

Stop the indexer if it is currently running.

saved_search

Some saved search privileges can be specialised by USERTYPE (e.g. owner). The privilege saved_search/edit would allow the user to view any saved search record, saved_search/edit:owner would only allow them to edit their own saved search records.

create_saved_search

Create a new saved_search record.

saved_search

View listing or a user's saved searches.

saved_search/destroy:USERTYPE

Completely delete a saved search record.

saved_search/details:USERTYPE

View the Details tab for a saved search record.

saved_search/edit:USERTYPE

Edit the metadata for a saved search record.

saved_search/export:USERTYPE

Export the metadata for a saved search record.

saved_search/view:USERTYPE

View the metadata for a saved search record.

staff

staff/user_search

View and use the search over user records.

staff/history_search

View and use the search over eprint history records.

staff/issue_search

View and use the search over eprint issue records.

subject

subject/edit

View and edit the subject tree.

subject/rest/get

A subject's metadata can be retrieved using the REST API.

user

Some user privileges can be specialised by USERTYPE (e.g. owner). The privilege user/edit would allow the user to view any user record, user/edit:owner would only allow them to edit their own user record.

create_user

Create a new user.

user/destroy:USERTYPE

Completely delete a user record.

user/details:USERTYPE

View the Details tab of a user.

user/edit:USERTYPE

Edit a user's profile.

user/history:USERTYPE

View the History tab of a user. This includes the changes (revisions) they made to any eprint record.

user/mediate

Whether a user can mediate for (i.e. act as) another user. Required feature of SWORD API.

user/remove:USERTYPE

Remove a user record.

user/staff/edit

Unused by default. Intended for restricting parts of a user's profile to be edited by a repository admininistrator.

user/view:USERTYPE

View a user record's metadata.

Miscellaneous

datasets

View the "Manage records" page.

editorial_review

View the "Review" page.

items

View the "Manage deposits" page.

repository/epm

View the "EPrints Bazaar" page and install Bazaar plugins.

set-password

Unused by default. Intended for restricting whether a user can set their own password.

status

View the "Status" and "Database Schema" pages.

storage/manager

View the "Storage Manager" page.

toolbox

Use the toolbox CGI script (i.e. /cgi/toolbox/toolbox) to carry out a operation provided by EPrints::Toolbox. Dangerous: Do not enable without good reason."

Privileges for public roles

These privileges available to users without them needing to login. This mainly pertains to REST requests you may or may not want accessible.

+eprint/archive/rest/get
REST request to get metadata for an eprint in the live archive
+eprint/archive/rest/get
REST request to get metadata for a subject in the archive's subject tree.