Rights management

Each right is represented by a membership between a user and a specific resource. The resource may be a group, a project, or a worker.

Depending on your role, you will have different privileges on each resources.

Roles

The permission granted by a membership is defined by a role allowing specific permissions.

Guest

Guest is the lowest access level.

A guest is only able to access resources concerned by its right. For example a guest member on a project will be allowed to access its associated resources (e.g. elements, transcriptions etc…) with a read-only access.

Contributor

Contributor is the intermediate access level.

A contributor is able to add new information with restrictions. For example, a contributor of a project is able to create a transcription on an element, or a metadata.

Administrator

An administrator has the highest access level.

• They may edit other members on the target they administer
• They may create/edit or delete any resource depending on the target

In other terms, an administrator of a project is allowed to delete a metadata on an element, delete the element itself and even delete the entire project.

Grant access to resources

A role on a resource grants different access levels depending on the resource nature and role level.

Group access

Groups memberships can be accessed from your profile page. Please refer to manage a group section for more information.

Group permission table

action	no right	guest	contributor	admin
List members of a public group	❌	✅	✅	✅
List members of a private group	❌	✅	✅	✅
Leave a group	❌	✅	✅	✅
Delete a group	❌	❌	❌	✅
Manage members of a group	❌	❌	❌	✅

Project access

You can manage access rights to a project if you have an admin access yourself.

Once on the corpus management page, permissions can be edited from the members section at the bottom of the page. Members of a project can either be users or groups.

List of members in a project

Members can be deleted using the trash button. Their access level can be edited directly from the table. Those actions are disabled for non admin members.

Actions to edit or delete a member

To add a new member, you may use the form at the bottom of the table. The identifier is an email address for a user or an unique ID for a group. You may have to ask the group ID to one of its member if you are not a member yourself.

Actions to add a member

Please note that as for other resources, at least one user or group must have an admin right to a project.

Project permission table

action	no right	guest	contributor	admin
Navigate in public projects	✅	✅	✅	✅
Navigate in private projects	❌	✅	✅	✅
Download an existing export	❌	✅	✅	✅
Generate an export	❌	❌	✅	✅
Import new elements (from files or IIIF paths)	❌	❌	✅	✅
Create annotations	❌	❌	✅	✅
Create a transcription/class/metadata on an element	❌	❌	✅	✅
Manage members	❌	❌	❌	✅
Delete elements	❌	❌	❌	✅
Start a process	❌	❌	❌	✅
Start a dataset process	❌	❌	❌	✅

Worker access

Workers are resources required to run Machine Learning workflows.

A user can see the workers they can execute from Workers in the top right user menu. From this page, it is possible to list both versions and members of a single worker by selecting it on the left panel.

Workers management page

The Members section is located at the bottom of the management page of a worker.

Worker permission table

Warning

A Guest role has no meaning for workers as a Contributor role is required to list or execute them.

action	no right	guest	contributor	admin
Lookup the worker that created a resource (e.g. element, class, transcription)	✅	✅	✅	✅
List workers	❌	❌	✅	✅
List versions associated to a worker	❌	❌	✅	✅
Run a process with a worker	❌	❌	✅	✅
Edit a worker	❌	❌	✅	✅
Create a new worker version for a worker	❌	❌	❌	✅
Archive a worker	❌	❌	❌	✅
Delete a worker	❌	❌	❌	✅
Manage members	❌	❌	❌	✅

Public workers

Some workers are public: any registered user can run a process with a public worker. Other actions, such as editing, archiving or deleting the worker, remain restricted to users with administrator rights on the worker.

action	no right	guest	contributor	admin
Lookup the worker that created a resource (e.g. element, class, transcription)	✅	✅	✅	✅
List public workers	✅	✅	✅	✅
List versions associated to a public worker	✅	✅	✅	✅
Run a process with a public worker	✅	✅	✅	✅
Edit a public worker	❌	❌	✅	✅
Create a new worker version for a public worker	❌	❌	❌	✅
Archive a public worker	❌	❌	❌	✅
Delete a public worker	❌	❌	❌	✅
Manage members	❌	❌	❌	✅

Processes access

Processes are mainly used to import data on a project or process existing elements (e.g. classify or create transcriptions). The access to a process is defined by rights on the project they run. A user may track the progress of a visible process, with its tasks artifacts.

Processes permission table

action	no right	guest	contributor	admin
See a process	❌	✅	✅	✅
Configure and start a process	❌	❌	❌	✅
Stop a running process	❌	❌	❌	✅
Retry a failed process	❌	❌	❌	✅

Models access

A user can see the Machine Learning models they have access to from Models in the top right user menu. From this page, it is possible to list versions of a single model by selecting it on the left panel. You can also see the access rights of users on this model.

Guests can only see available versions with a set tag while contributors (or admins) can see all of them.

If you have admin rights on the model, you can delete its versions and manage its rights.

Models management page

Models permission table

action	no right	guest	contributor	admin
See a model	❌	✅	✅	✅
List its available versions (with a set tag)	❌	✅	✅	✅
List its versions	❌	❌	✅	✅
Delete a version	❌	❌	❌	✅
Manage members	❌	❌	❌	✅

Dataset processes permission table

action	no right	guest	contributor	admin
See a dataset process	❌	✅	✅	✅
Configure and start a dataset process	❌	❌	❌	✅
Stop a running dataset process	❌	❌	❌	✅
Retry a failed dataset process	❌	❌	❌	✅