Rights management

Each right is represented by a membership between a user and a specific resource. The resource may be a group, a project, or a worker.

Depending on your role, you will have different privileges on each resources.

Roles🔗

The permission granted by a membership is defined by a role allowing specific permissions.

Guest🔗

Guest is the lowest access level.

A guest is only able to access resources concerned by its right. For example a guest member on a project will be allowed to access its associated resources (e.g. elements, transcriptions etc...) with a read-only access.

Contributor🔗

Contributor is the intermediate access level.

A contributor is able to add new information with restrictions. For example, a contributor of a project is able to create a transcription on an element, or a metadata.

Administrator🔗

An administrator has the highest access level.

• They may edit other members on the target they administer
• They may create/edit or delete any resource depending on the target

In other terms, an administrator of a project is allowed to delete a metadata on an element, delete the element itself and even delete the entire project.

Grant access to resources🔗

A role on a resource grants different access levels depending on the resource nature and role level.

Group access🔗

Groups memberships can be accessed from your profile page. Please refer to manage a group section for more information.

Group permission table🔗

action	no right	guest	contributor	admin
List members of a public group	❌	✅	✅	✅
List members of a private group	❌	✅	✅	✅
Leave a group	❌	✅	✅	✅
Delete a group	❌	❌	❌	✅
Manage members of a group	❌	❌	❌	✅

Project access🔗

You can manage access rights to a project if you have an admin access yourself.

Once on the corpus management page, permissions can be edited from the members section at the bottom of the page. Members of a project can either be users or groups.

Members can be deleted using the trash button. Their access level can be edited directly from the table. Those actions are disabled for non admin members.

To add a new member, you may use the form at the bottom of the table. The identifier is an email address for a user or an unique ID for a group. You may have to ask the group ID to one of its member if you are not a member yourself.

Please note that as for other resources, at least one user or group must have an admin right to a project.

Project permission table🔗

action	no right	guest	contributor	admin
Navigate in public projects	✅	✅	✅	✅
Navigate in private projects	❌	✅	✅	✅
Download an existing export	❌	✅	✅	✅
Generate an export	❌	❌	✅	✅
Import new elements (from files or IIIF paths)	❌	❌	✅	✅
Create annotations	❌	❌	✅	✅
Create a transcription/class/metadata on an element	❌	❌	✅	✅
Manage members	❌	❌	❌	✅
Delete elements	❌	❌	❌	✅
Start a Machine Learning process	❌	❌	❌	✅
Start a Machine Learning Training process	❌	❌	✅	✅

Repository access🔗

Repository management works in a similar way as for projects. A repository member may access it from the repositories list page, accessible from My repositories in the top right user menu.

Users link will redirect you to the repository management page, where you can edit members access.

Repository permission table🔗

action	no right	guest	contributor	admin
Retrieve a repository	❌	✅	✅	✅
Delete a repository	❌	❌	❌	✅
Manage members	❌	❌	❌	✅

Worker access🔗

Workers are resources required to run Machine Learning workflows. Workers inherit of the roles owned on their repository (e.g. a repository administrator has an administrator access to all of its depending workers). A worker may have no member (i.e. no administrator) as it rely on its repository.

A user can see the workers they can execute from My workers in the top right user menu. From this page, it is possible to list both versions and members of a single worker by selecting it on the left panel.

An admin member of a repository may independently manage a worker by clicking on the worker name in the repository list.

The Members section is located at the bottom of the management page of a worker.

Worker permission table🔗

action	no right	guest	contributor	admin
Lookup the worker that created a resource (e.g. element, class, transcription)	✅	✅	✅	✅
List workers	❌	❌	✅	✅
List versions associated to a worker	❌	❌	✅	✅
Run a Machine Learning workflow with a worker	❌	❌	✅	✅
Delete a worker	❌	❌	❌	✅
Manage members	❌	❌	❌	✅

Processes access🔗

Processes are mainly used to import data on a project or process existing elements (e.g. classify or create transcriptions). The access to a process is defined by rights on the project they run. A user may track the progress of a visible process, with its tasks artifacts.

Processes permission table🔗

action	no right	guest	contributor	admin
See a process	❌	✅	✅	✅
Configure and start a process	❌	❌	❌	✅
Stop a running process	❌	❌	❌	✅
Retry a failed process	❌	❌	❌	✅

Models access🔗

A user can see the Machine Learning models they have access to from My models in the top right user menu. This feature is still in Beta mode. From this page, it is possible to list versions of a single model by selecting it on the left panel. You can also see the access rights of users on this model.

Guests can only see available versions with a set tag while contributors (or admins) can see all of them.

If you have admin rights on the model, you can delete its versions and manage its rights. You can also create a new model version by creating a training process for this Model.

Models permission table🔗

action	no right	guest	contributor	admin
See a model	❌	✅	✅	✅
List its available versions (with a set tag)	❌	✅	✅	✅
List its versions	❌	❌	✅	✅
Delete a version	❌	❌	❌	✅
Manage members	❌	❌	❌	✅

Training processes permission table🔗

action	no right	guest	contributor	admin
See a training process	❌	✅	✅	✅
Configure and start a training process	❌	❌	❌	✅
Stop a running training process	❌	❌	❌	✅
Retry a failed training process	❌	❌	❌	✅