FAIR Permission Model
The permission model of FAIR Data Services is made up of three levels:
- Admin-level permission: privileges to administer the service.
- Dataset-level permission: privileges related to datasets and features where the dataset is the core entity (e.g. search)
- Dataset-level visibility: the level of visibility a dataset has within the service to other users.
A high-level summary of the permission model is shown below:
Roles are groupings of permissions. Four managed roles exist that group together permissions from either administration or dataset-level permissions. Custom roles can be created that can mix and match between administration and dataset-level permissions. See the ‘Role-based Access Control’ article for more information about available roles, creation and assignment to users.
Administration permissions are those that allow you to administer the service. This includes:
- Creating roles and assigning roles to users.
- Configuring the service to use custom links via the Configuration Vocabulary.
- Setting a predefined theme for the user interface to adopt.
These permissions are currently available to users that have the Admin role however a custom role can be created to adopt all or some of these permissions along with others. See the ‘FAIR Permissions’ article for a list of all permissions available in FAIR.
Dataset-level permissions are those related to datasets as well as features where the dataset is the core entity. Specifically these permissions allow the ability to:
- Create, read, edit and delete dataset entries
- Download metadata of a dataset entry
- Upload data (e.g. csv) to the dataset entry
- Search for datasets
- Request access to a dataset
See the ‘FAIR Permissions’ article for a list of all permissions available in FAIR.
The visibility of a dataset to other users in the service can be defined either at the time of creation or modified after creation. The visibility of the dataset is specified within the dataset and is not an explicit permission that can be assigned to a role. More information regarding dataset visibility, see the ‘Dataset Visibility’ article.