User roles and permissions
🚧 This section is still in active development and is subject to changes 🚧
There are three roles given to users: Project owner, project administrator (or project admin), and data contributor. Each role comes with a set of permissions that give access to different actions within Sprout.
Roles
Project owner
The project owner is designed for those users who want to create a new project to store data and who want full control over the project in Sprout. This role also includes having direct access to the database backend. Whoever creates a project is by default assigned the project owner role. A project owner can assign roles to any other user. In general, it is good practice to have at least two project owners, in case of any issues with the primary project owner (e.g. emergency or unavailable).
Project administrator
The project administrator (or project admin) role is designed for those who can take some of the responsibilities and tasks off of the project owner, without being given full control over the project. Ideally, a project admin user is someone who is familiar with the research data that is being stored.
Tasks relate to general and technical administration of the project, users, metadata, and data. For instance, some specific tasks might be:
- Assessing or correcting any issues in the quality of the entered data itself.
- Resolving any issues that the data contributors have during data upload.
- Creating the metadata structure, so that data can be uploaded to it.
- Updating the metadata content or structure.
Data contributor
The data contributor role is designed for those uploading data into Sprout. These users will likely be researchers, student assistants, lab technicians, or other research personnel from research or data collection centers.
The specific task of a data contributor is to upload data into metadata structures already created by either the project owner or project admin.
Permissions
We follow the CRUD (create, read, update, delete) framework when designing the permissions. There are a few types of objects in Seedcase Sprout: Research data, data about the research data (metadata), users within the project, and the project itself. Research data is the data that a user wants to store in Sprout. The metadata is the data about the research data. In order to store data, there needs to be the metadata structure created first.
Permissions for roles work hierarchically, in that a project owner has the same permissions as the project admin, which has the same permissions as the data contributor, but not the other way around.
| Action | Type of object | DC | PA | PO |
|---|---|---|---|---|
| Create | Research Data | X | X | X |
| Metadata | X | X | ||
| Project | X | |||
| Users | X | |||
| Read | Research Data | X | X | |
| Metadata | X | X | X | |
| Project | X | X | X | |
| Users | X | X | X | |
| Update | Research Data | X | X | |
| Metadata | X | X | ||
| Project | X | |||
| Users | X | X | ||
| Delete | Research Data | X | ||
| Metadata | X | |||
| Project | X | |||
| Users | X |