Rights management

Info

Rights management is only available in Arkindex Enterprise Edition.

Each right is represented by a membership between a user and a specific resource, such as a group, a project, a worker, etc.

Depending on your role, you will have different privileges on each resources.

Roles¶

The permission granted by a membership is defined by a role allowing specific permissions.

Guest¶

Guest is the lowest access level.

A guest is only able to access resources concerned by its right. For example a guest member on a project will be allowed to access its associated resources (e.g. elements, transcriptions etc…) with a read-only access.

Contributor¶

Contributor is the intermediate access level.

A contributor is able to add new information with restrictions. For example, a contributor of a project is able to create a transcription on an element, or a metadata.

Administrator¶

An administrator has the highest access level.

They may edit other members on the target they administer
They may create/edit or delete any resource depending on the target

In other terms, an administrator of a project is allowed to delete a metadata on an element, delete the element itself and even delete the entire project.

Grant access to resources¶

A role on a resource grants different access levels depending on the resource nature and role level.

Group access¶

Groups memberships can be accessed from your profile page. Please refer to manage a group section for more information.

Group permission table¶

action	no right	guest	contributor	admin
List members of a public group	❌	✅	✅	✅
List members of a private group	❌	✅	✅	✅
Leave a group	❌	✅	✅	✅
Delete a group	❌	❌	❌	✅
Manage members of a group	❌	❌	❌	✅

Project access¶

You can manage access rights to a project if you have an admin access yourself.

Once on the corpus management page, permissions can be edited from the members section at the bottom of the page. Members of a project can either be users or groups.

Members can be deleted using the trash button. Their access level can be edited directly from the table. Those actions are disabled for non admin members.

To add a new member, you may use the form at the bottom of the table. The identifier is an email address for a user or an unique ID for a group. You may have to ask the group ID to one of its member if you are not a member yourself.

Please note that as for other resources, at least one user or group must have an admin right to a project.

Project permission table¶

action	no right	guest	contributor	admin
Navigate in public projects	✅	✅	✅	✅
Navigate in private projects	❌	✅	✅	✅
Download an existing export	❌	✅	✅	✅
Generate an export	❌	❌	✅	✅
Import new elements (from files or IIIF paths)	❌	❌	✅	✅
Create annotations	❌	❌	✅	✅
Create a transcription/class/metadata on an element	❌	❌	✅	✅
Manage members	❌	❌	❌	✅
Delete elements	❌	❌	❌	✅
Start a process	❌	❌	❌	✅
Start a dataset process	❌	❌	❌	✅

Worker access¶

Workers are resources required to run Machine Learning workflows.

A user can see the workers they can execute from Workers in the top right user menu. After selecting a worker in the left panel, worker memberships can be managed under the Members tab.

Worker permission table¶

Warning

A Guest role has no meaning for workers as a Contributor role is required to list or execute them.

action	no right	guest	contributor	admin
Lookup the worker that created a resource (e.g. element, class, transcription)	✅	✅	✅	✅
List workers	❌	❌	✅	✅
List versions associated to a worker	❌	❌	✅	✅
Run a process with a worker	❌	❌	✅	✅
Edit a worker	❌	❌	✅	✅
Create a new worker version for a worker	❌	❌	❌	✅
Archive a worker	❌	❌	❌	✅
Delete a worker	❌	❌	❌	✅
Manage members	❌	❌	❌	✅

Public workers¶

Some workers are public: any registered user can run a process with a public worker. Other actions, such as editing, archiving or deleting the worker, remain restricted to users with administrator rights on the worker.

action	no right	guest	contributor	admin
Lookup the worker that created a resource (e.g. element, class, transcription)	✅	✅	✅	✅
List public workers	✅	✅	✅	✅
List versions associated to a public worker	✅	✅	✅	✅
Run a process with a public worker	✅	✅	✅	✅
Edit a public worker	❌	❌	✅	✅
Create a new worker version for a public worker	❌	❌	❌	✅
Archive a public worker	❌	❌	❌	✅
Delete a public worker	❌	❌	❌	✅
Manage members	❌	❌	❌	✅

Process access¶

Processes are mainly used to import data on a project or process existing elements (e.g. classify or create transcriptions). The access to a process is defined by rights on the project they run. A user may track the progress of a visible process, with its tasks artifacts.

Process permission table¶

action	no right	guest	contributor	admin
See a process	❌	✅	✅	✅
Configure and start a process	❌	❌	❌	✅
Stop a running process	❌	❌	❌	✅
Retry a failed process	❌	❌	❌	✅

Model access¶

A user can see the Machine Learning models they have access to from Models in the top right user menu. From this page, it is possible to list versions of a single model by selecting it on the left panel. You can also see the access rights of users on this model.

Guests can only see available versions with a set tag while contributors (or admins) can see all of them.

If you have admin rights on the model, you can delete its versions and manage its rights.

Model permission table¶

action	no right	guest	contributor	admin
See a model	❌	✅	✅	✅
List its available versions (with a set tag)	❌	✅	✅	✅
List its versions	❌	❌	✅	✅
Delete a version	❌	❌	❌	✅
Manage members	❌	❌	❌	✅

Dataset process permission table¶

action	no right	guest	contributor	admin
See a dataset process	❌	✅	✅	✅
Configure and start a dataset process	❌	❌	❌	✅
Stop a running dataset process	❌	❌	❌	✅
Retry a failed dataset process	❌	❌	❌	✅