SND: QC and Security

2024-03-28

In a Structured Narrative Dataset (SND) system, quality control (QC) and controlling access are key parts of managing data. Assigning a specific QC state to data entered can be used to automatically grant or deny user access based on the state of the data. This topic describes how to set up QC states and assign permission implications to them.

QC States

There are four QC states:

  1. In Progress
  2. Review Requested
  3. Completed
  4. Rejected
The workflow is 1-2-3 in the case of typical data, and 1-2-4 if the reviewer finds reason to reject the data.

QC states are populated via the SND admin UI, described below. This only needs to be done at startup.

Permissions and Roles

Each QC state has its own permissions assigned:

  • A. Read Permission
  • B. Insert Permission
  • C. Update Permission
  • D. Delete Permission
For example, possible permissions are: In Progress Read Permission, In Progress Insert Permission, In Progress Update Permission and In Progress Delete Permission, etc. Each can be assigned independently of other permissions for the same QC state.

To assign these permissions, create the necessary groups of users then assign the following user roles to the groups:

  • Basic Submitter
    • In Progress: Read, Insert, Update, Delete
    • Review Requested: Read, Insert, Update, Delete
    • Rejected: Read, Delete
  • Data Reviewer
    • In Progress: Read
    • Review Requested: Read
    • Completed: Read, Update
    • Rejected: Read, Update
  • Data Admin
    • In Progress: Read, Insert, Update, Delete
    • Review Requested: Read, Insert, Update, Delete
    • Completed: Read, Insert, Update, Delete
    • Rejected: Read, Insert, Update, Delete
  • Reader
    • Completed: Read
If a user is assigned more than one of these roles, such as by belonging to multiple groups assigned different roles, they will have the union of all individual permissions for each role.

Permission Validation

Permissions are verified on incoming requests. For insert, update and delete, the incoming QC state will be verified against the user's permissions. For example: A Data Reviewer can read 'Review Requested' data, then update the event to either 'Completed' or 'Rejected'.

The QC state is updated/validated using the saveEvent and getEvent SND APIs. Permissions are checked before any other kind of validation. Permission checks are done against the categories of the top level packages. If the user does not have the required permission for any of them, then the API action will return an error.

Permissions Assignment UI

To access the permissions assignment UI:

  • Navigate to the project or folder.
  • Select (Admin) > SND Admin.
  • First, under Controls, click Populate QC States to populate the SND states in the core module. This only needs to be done once at startup.
  • Next, under Links, click SND Security.

On the Security page, all Categories are listed in rows. The site and project groups defined are listed as columns. Use the pulldown menus to configure the desired roles for each group on each category.

Click Save when finished.

Related Topics