Rights management
| Rights management is only available in Arkindex Enterprise Edition. |
Each right is represented by a membership between a user and a specific resource, such as a group, a project, a worker, etc.
Depending on your role, you will have different privileges on each resources.
Roles
The permission granted by a membership is defined by a role allowing specific permissions.
Guest
Guest is the lowest access level.
A guest is only able to access resources concerned by its right. For example a guest member on a project will be allowed to access its associated resources (e.g. elements, transcriptions etc…) with a read-only access.
Contributor
Contributor is the intermediate access level.
A contributor is able to add new information with restrictions. For example, a contributor of a project is able to create a transcription on an element, or a metadata.
Administrator
An administrator has the highest access level.
-
They may edit other members on the target they administer
-
They may create/edit or delete any resource depending on the target
In other terms, an administrator of a project is allowed to delete a metadata on an element, delete the element itself and even delete the entire project.
Grant access to resources
A role on a resource grants different access levels depending on the resource nature and role level.
Group access
Groups memberships can be accessed from your profile page. Please refer to manage a group section for more information.
Project access
You can manage access rights to a project if you have an admin access yourself.
Once on the corpus management page, permissions can be edited from the members section at the bottom of the page. Members of a project can either be users or groups.
Members can be deleted using the trash button. Their access level can be edited directly from the table. Those actions are disabled for non admin members.
To add a new member, you may use the form at the bottom of the table. The identifier is an email address for a user or an unique ID for a group. You may have to ask the group ID to one of its member if you are not a member yourself.
Please note that as for other resources, at least one user or group must have an admin right to a project.
Project permission table
| action | no right | guest | contributor | admin |
|---|---|---|---|---|
Navigate in public projects |
✅ |
✅ |
✅ |
✅ |
Navigate in private projects |
❌ |
✅ |
✅ |
✅ |
Download an existing export |
❌ |
✅ |
✅ |
✅ |
Generate an export |
❌ |
❌ |
✅ |
✅ |
Import new elements (from files or IIIF paths) |
❌ |
❌ |
✅ |
✅ |
Create annotations |
❌ |
❌ |
✅ |
✅ |
Create a transcription/class/metadata on an element |
❌ |
❌ |
✅ |
✅ |
Manage members |
❌ |
❌ |
❌ |
✅ |
Delete elements |
❌ |
❌ |
❌ |
✅ |
Start a process |
❌ |
❌ |
❌ |
✅ |
Start a dataset process |
❌ |
❌ |
❌ |
✅ |
Worker access
Workers are resources required to run Machine Learning workflows.
A user can see the workers they can execute from Workers in the top right user menu. After selecting a worker in the left panel, worker memberships can be managed under the Members tab.
Worker permission table
| A Guest role has no meaning for workers as a Contributor role is required to list or execute them. |
| action | no right | guest | contributor | admin |
|---|---|---|---|---|
Lookup the worker that created a resource (e.g. element, class, transcription) |
✅ |
✅ |
✅ |
✅ |
List workers |
❌ |
❌ |
✅ |
✅ |
List versions associated to a worker |
❌ |
❌ |
✅ |
✅ |
Run a process with a worker |
❌ |
❌ |
✅ |
✅ |
Edit a worker |
❌ |
❌ |
✅ |
✅ |
Create a new worker version for a worker |
❌ |
❌ |
❌ |
✅ |
Archive a worker |
❌ |
❌ |
❌ |
✅ |
Delete a worker |
❌ |
❌ |
❌ |
✅ |
Manage members |
❌ |
❌ |
❌ |
✅ |
Public workers
Some workers are public: any registered user can run a process with a public worker. Other actions, such as editing, archiving or deleting the worker, remain restricted to users with administrator rights on the worker.
| action | no right | guest | contributor | admin |
|---|---|---|---|---|
Lookup the worker that created a resource (e.g. element, class, transcription) |
✅ |
✅ |
✅ |
✅ |
List public workers |
✅ |
✅ |
✅ |
✅ |
List versions associated to a public worker |
✅ |
✅ |
✅ |
✅ |
Run a process with a public worker |
✅ |
✅ |
✅ |
✅ |
Edit a public worker |
❌ |
❌ |
✅ |
✅ |
Create a new worker version for a public worker |
❌ |
❌ |
❌ |
✅ |
Archive a public worker |
❌ |
❌ |
❌ |
✅ |
Delete a public worker |
❌ |
❌ |
❌ |
✅ |
Manage members |
❌ |
❌ |
❌ |
✅ |
Process access
Processes are mainly used to import data on a project or process existing elements (e.g. classify or create transcriptions). The access to a process is defined by rights on the project they run. A user may track the progress of a visible process, with its tasks artifacts.
Model access
A user can see the Machine Learning models they have access to from Models in the top right user menu. From this page, it is possible to list versions of a single model by selecting it on the left panel. You can also see the access rights of users on this model.
Guests can only see available versions with a set tag while contributors (or admins) can see all of them.
If you have admin rights on the model, you can delete its versions and manage its rights. .Models management page image::./models-list.png["Models management page"]
Budget access
Users can view the budgets that they have access to from the Budgets action in the top right user menu. After selecting a budget in the list, the memberships linked to that budget can be managed under the Members section.
Secret access
Users can view the secrets that they have access to from the Secrets action in the top right user menu. After selecting a secret in the list, the memberships linked to that secret can be managed under the Members section.