Introducing additional access roles, a way to assign users to specific metadata items, as well as grant them unique permissions around the items they’re assigned!
What are additional access roles?
Registry Administrators, Stewardship Organisation Administrators and Stewardship organisation stewards can now navigate to the ‘Manage Additional Access Roles’ tab of a Stewardship organisation’s settings.
Additional access roles can be created for use by members of the Stewardship Organisation they are added to. Selecting ‘Add additional access role’ will allow users to choose a name, and any special permissions afforded to the new role.
The available permissions that can be attached to an additional access role are as follows:
- Edit locked items: Allows users with this access role to edit assigned items that are locked
- Edit unlocked items: Allows users with this access role to edit all assigned items
- Add alternative name: Allows users with this access role to manage an assigned item’s alternative names (even if ‘Edit unlocked items’ is unticked)
- View additional access for item: Allows users with this access role to access a list of other users and access roles which are assigned to the same item as them
- Grant additional access for item: Allows users with this access role to assign other users and access roles to an assigned item
- Revoke additional access for item: Allows users with this access role to revoke access roles from other users assigned to the same item as them.
Once you’ve configured a new additional access role to your liking, create it by selecting ‘Create Additional Access Role’.
Note: The ‘View item’ permission, which allows users with the access role to view the items assigned to them, is always enabled for all additional access roles.
Once created, additional access roles can be edited from the dropdown in their row. All fields that were editable during creation can be readjusted during editing.
Once an additional access role is created, any of the following user types can assign it to a user and item via the relevant item’s actions dropdown:
- A Registry Administrator
- An Administrator of the relevant Stewardship Organisation
- A manager of the relevant workgroup
- Any users who have already been assigned an access role for this item, which itself has a ‘User access permission’ enabled in its configuration.
Users with permission can then select ‘Add user’, and choose a user from the item’s Stewardship Organisation to assign this item to, along with their access role. Multiple users can be assigned a role and item in one action.
Once a user has been assigned an additional access role and an item this way, they are granted the permissions configured for the role when working with that item.
For example, a user with the ‘Example Add. Access Role’ configured in the screenshots above would be able to edit any item assigned to them so long as it is not endorsed to a locked registration status, as they possess the ‘Edit unlocked item’ permission but lack the ‘Edit locked item’ one.
From the ‘Manage additional access’ page, a list of users assigned to the relevant item can be filtered, or the users’ access roles changed and revoked in bulk. The ‘stewardship organisation’ link can also be selected to quickly navigate back to the ‘Manage Additional Access Roles’ tab of the Stewardship Organisation!
‘View history’ will take you to a page which lists the full history actions regarding the users and roles that have been assigned to this item.
If an item in their workgroup has been linked to any roles/users this way, workgroup managers can navigate to the new ‘Additional Access’ workgroup tab to see what users have been assigned to their items. Entries in the ‘Items with Access’ column can be selected to view the items assigned.
The ‘My Favourites’ dashboard tab has been renamed to ‘My Items’, and split into a page for favourites and tags (the previous functionality), and a new page for assigned additional access roles called ‘My assigned item roles’. From the side of a user who has been assigned an additional access role, this is where they can be reviewed!
The list that appears on this new page can be filtered and column-configured with the ‘Settings’ button (and the same goes for the similar page which shows assigned items from the workgroup’s ‘Additional Access’ tab earlier)!
Superusers can also review a user’s assigned additional access roles from their profile using the ‘Manage Users’ Admin tool.
Please enjoy the following video demonstrating the creation and assignment of an additional access role from a superuser’s perspective:
And finally, this next video demonstrates the non-superuser perspective of reviewing, then using one’s additional access role! Note that the user in this recording does not have any editing permissions outside of their assigned additional access role, meaning they would not ordinarily be able to edit the item they were assigned.
How do additional access roles benefit users?
Additional access roles were developed as a way to allow Administrators to assign more specific roles and responsibilities to registry users, in the case that the pre-existing structures of Stewardship Organisation and workgroup roles and item ownership does not perfectly align with business needs.
For example, if an organisation making use of their Aristotle Metadata Registry found that they needed a user who should not necessarily belong to any of their already-configured workgroups to be able to edit an item belonging to one of these workgroups, these editing permissions can now be granted to that user on a per-item basis, bypassing the need for them to be a member of any of the relevant workgroups at all!
Overall this feature allows the Aristotle Metadata Registry to cast a wider net over organisational structures, and helps to support unique business roles/units who may not fit into the traditional Stewardship Organisation > Registration Authority > workgroup structure.
Your feedback matters
Your feedback is invaluable as we continue to innovate and improve the Aristotle Metadata Registry. We’ve designed this feature with your metadata management needs in mind, and we want to hear from you. Please don’t hesitate to reach out with suggestions, ideas, or questions!