talk@lists.collectionspace.org

WE HAVE SUNSET THIS LISTSERV - Join us at collectionspace@lyrasislists.org


Permissions, computed fields and record locking

William H. Titus
Fri, Mar 6, 2015 3:05 PM

I'm coming to CollectionSpace from an end-user perspective only but with application development experience in Advanced Revelation and OpenInsight.

I enjoy being able to follow the ongoing discussions on "Talk," the most recent of which prompt me to ask:

Does CollectionSpace include administratively assigned user access control levels that permit/prevent access to forms, records, and types or fields of data?

Can computed fields be modified to hide/show data based on the ACLs?

And are opened records locked to prevent simultaneous create, update or delete operations?

Thank you.

Bill

William H. Titus | Registrar
tel: 631.845.5011  |  fax: 631.423.2145
www.heckscher.org
T H E  H E C K S C H E R  M U S E U M  O F  A R T
2 Prime Avenue  |  Huntington, NY 11743

Richard Millet
Fri, Mar 6, 2015 4:36 PM

Bill,

Thanks for joining the conversation.  Here is a brief summary of CollectionSpace's authorization (AuthZ) architecture:

CollectionSpace enforces permissions based on resource/record types only.  So if a user has read-access to a specific resource/record type (cataloging, intakes, etc.) then they will have read access to ALL resources/records of that type.  CollectionSpace does not attach ACLs to individual records.  Also, there is currently no way to enforce permissions on individual fields of a given resource/record type.

Users gain permissions via roles only.  A user with no assigned roles has no permissions.  Roles in CollectionSpace are a set of permissions for a given resource/record type.  A permission for a specific resource/record type can be: read-access, write-access, delete-access.  So, for example, a user assigned a role containing permissions with write-access to Acquisition resource/record types can create and update ALL acquisition resources/records in the system.

I hope that helps.  All of this is explained in more detail in the CollectionSpace User Manual.  Here is a link to it: http://wiki.collectionspace.org/download/attachments/153682512/User%20Manual%20v4_1.pdf

-Richard
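
The model summarized in the message above, as an added example that is not part of the original post and is not CollectionSpace code. The role names, users and the rule that permissions from several roles are merged by union are assumptions made for illustration; the report function shows who can touch every record of a type, which is the practical consequence of type-level permissions.

```python
# Added illustration; a simplified model, not CollectionSpace code.
from collections import defaultdict

# Constructed sample roles: role name -> {record type -> set of access kinds}.
ROLES = {
    "registrar": {"acquisition": {"read", "write"},
                  "cataloging": {"read", "write", "delete"}},
    "docent": {"cataloging": {"read"}},
}
# Constructed sample users: user -> assigned role names.
USER_ROLES = {"alice": ["registrar"], "bob": ["docent"], "carol": []}


def effective_permissions(user):
    """Union of the permissions of every assigned role (assumed merge rule)."""
    perms = defaultdict(set)
    for role in USER_ROLES.get(user, []):
        for record_type, access in ROLES[role].items():
            perms[record_type] |= access
    return dict(perms)


def is_allowed(user, record_type, access, record_id=None):
    """Decide on record type only; record_id is accepted but never consulted."""
    return access in effective_permissions(user).get(record_type, set())


def exposure_report(access):
    """Per record type, the users holding `access` on ALL records of that type."""
    report = defaultdict(list)
    for user in sorted(USER_ROLES):
        for record_type, granted in effective_permissions(user).items():
            if access in granted:
                report[record_type].append(user)
    return dict(report)
```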


From: Talk talk-bounces@lists.collectionspace.org on behalf of William H. Titus Titus@heckscher.org
Sent: Friday, March 6, 2015 7:05 AM
To: talk@lists.collectionspace.org
Subject: [Talk] Permissions, computed fields and record locking

I'm coming to CollectionSpace from an end-user perspective only but with application development experience in Advanced Revelation and OpenInsight.

I enjoy being able to follow the ongoing discussions on "Talk," the most recent of which prompt me to ask:

Does CollectionSpace include administratively assigned user access control levels that permit/prevent access to forms, records, and types or fields of data?

Can computed fields be modified to hide/show data based on the ACLs?

And are opened records locked to prevent simultaneous create, update or delete operations?

Thank you.

Bill

William H. Titus | Registrar
tel: 631.845.5011[X]  |  fax: 631.423.2145[X]
www.heckscher.orghttp://www.heckscher.org/
T H E  H E C K S C H E R  M U S E U M  O F  A R T
2 Prime Avenue  |  Huntington, NY 11743

?Bill, Thanks for joining the conversation. Here is a brief summary of CollectionSpace's authorization (AuthZ) architecture: CollectionSpace enforces permissions based on resource/record types only. So if a user has read-access to a specific resource/record type (cataloging, intakes, etc) then they will read access to ALL resources/records of that type. CollectionSpace does not attached ACLs to individual records. Also, there is currently no way to enforce permissions on individual fields of a given resource/record type. Users gain permissions via roles only. A user with no assigned roles has no permissions. Roles in CollectionSpace are a set of permissions for a given resource/record type. A permission for a specific resource/record type can be: read-access, write-access, delete-access. So, for example, a user assigned a role containing permissions with write-access to Acquisition resource/record types can create and update ALL acquisition resources/records in the system. I hope that helps. All of this is explained in more detail in the CollectionSpace User Manual. Here is a link to it: http://wiki.collectionspace.org/download/attachments/153682512/User%20Manual%20v4_1.pdf -Richard ________________________________ From: Talk <talk-bounces@lists.collectionspace.org> on behalf of William H. Titus <Titus@heckscher.org> Sent: Friday, March 6, 2015 7:05 AM To: talk@lists.collectionspace.org Subject: [Talk] Permissions, computed fields and record locking I'm coming to CollectionSpace from an end-user perspective only but with application development experience in Advanced Revelation and OpenInsight. I enjoy being able to follow the ongoing discussions on "Talk," the most recent of which prompt me to ask: Does CollectionSpace include administratively assigned user access control levels that permit/prevent access to forms, records, and types or fields of data? Can computed fields be modified to hide/show data based on the ACLs? 
And are opened records locked to prevent simultaneous create, update or delete operations? Thank you. Bill William H. Titus | Registrar tel: 631.845.5011[X] | fax: 631.423.2145[X] www.heckscher.org<http://www.heckscher.org/> T H E H E C K S C H E R M U S E U M O F A R T 2 Prime Avenue | Huntington, NY 11743
RL
Ray Lee
Mon, Mar 9, 2015 8:34 PM

Hi Bill,
To answer your last question, opened records are not locked, and there is
no warning if you save a record that someone else has modified since you
opened it. How much of a problem this is depends on the number of users and
their workflows, but it is certainly something that makes me nervous.

Ray
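
The situation described in the message above, as an added example that is not part of the original post and is not CollectionSpace code. `RecordStore` and its revision counter are hypothetical: `save_unchecked` reproduces the silent overwrite, and `save_checked` shows how comparing the revision seen at open time with the current one detects the conflict.

```python
# Added illustration; RecordStore is a hypothetical in-memory stand-in.
class StaleRecordError(Exception):
    """Raised when a save is based on a revision that is no longer current."""


class RecordStore:
    def __init__(self):
        self._rows = {}  # record_id -> (revision, fields)

    def create(self, record_id, fields):
        self._rows[record_id] = (1, dict(fields))

    def open(self, record_id):
        revision, fields = self._rows[record_id]
        return revision, dict(fields)  # each editor works on a private copy

    def save_unchecked(self, record_id, fields):
        # Behaviour described in the post: last writer wins, no warning.
        revision, _ = self._rows[record_id]
        self._rows[record_id] = (revision + 1, dict(fields))

    def save_checked(self, record_id, fields, opened_revision):
        # Optimistic check: refuse the save if the record changed since open.
        revision, _ = self._rows[record_id]
        if revision != opened_revision:
            raise StaleRecordError(
                f"{record_id}: opened r{opened_revision}, now r{revision}")
        self._rows[record_id] = (revision + 1, dict(fields))


def two_editors(checked):
    """Two users open one constructed record, edit different fields, then save."""
    store = RecordStore()
    store.create("obj-1", {"title": "Vase", "location": "Gallery 1"})
    rev_a, copy_a = store.open("obj-1")
    rev_b, copy_b = store.open("obj-1")
    copy_a["location"] = "Storage"
    copy_b["title"] = "Blue vase"
    conflict = False
    if checked:
        store.save_checked("obj-1", copy_a, rev_a)
        try:
            store.save_checked("obj-1", copy_b, rev_b)
        except StaleRecordError:
            conflict = True  # second editor must reload and reapply the edit
    else:
        store.save_unchecked("obj-1", copy_a)
        store.save_unchecked("obj-1", copy_b)
    return store.open("obj-1")[1], conflict
```

Without the check, the first editor's location change disappears even though the second editor never touched that field.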
