Skip to end of metadata
Go to start of metadata
User Story

An administrator may create, edit, or delete a role via the roles and permissions section of the administration menu. See below user stories for specific types of roles that may be created and edited in CollectionSpace 1.0.


UI -> Service mapping

Access -> Read

Write -> Create, Read, Update

Delete -> Delete

Read Only -> Read, No Update, No Delete

Note: For Read-Only permissions, the App layer would have to render pages only after checking if the user also has Update and/or Delete permissions at the service layer. ReadOnly permission enforcement would require the following 3 permission enforcements in the App layer:

  • Check if READ is allowed but also ...
  • make sure UPDATE is not allowed AND
  • make sure DELETE is not allowed

Dan has mentioned in the earlier STIM on this topic that, the app layer would perform its own access control check. Sanjay’s interpretation: when it comes to controlling the access on UI-owned resources such as pages, widgets, etc., the App layer would enforce additional access control.

Related User Stories:
Derived Stories:
*Service Layer Stories*
Service Story: Create, Read, Update and Delete Role [CSPACE-1293|] [CSPACE-1294|] [CSPACE-1295|] [CSPACE-1296|] Create, Read, Update and Delete Permission [CSPACE-1304|] [CSPACE-1305|] [CSPACE-1306|] [CSPACE-1307|] Associate Role with Permission(s) and vice versa [CSPACE-1299|] [CSPACE-1300|] [CSPACE-1301|] [CSPACE-1302|]
*Application Layer Stories*
Application Story: Application Story:
*UI Layer Stories*
UI Story: UI Story: