Time
S
Nick
Message
00:10 nightowl313 joined #dataverse
07:06 Virgile joined #dataverse
12:44 donsizemore joined #dataverse
15:08 pdurbin joined #dataverse
15:18 pdurbin
donsizemore: are you done counting votes in North Carolina yet?
15:39 donsizemore
our incumbent governor has a check-mark by his picture, but the incumbent senator doesn't yet
15:40 donsizemore
we don't have to certify until Dec 8th
16:07 pdurbin
please take your time
16:13 donsizemore
So whatever Yenta brings, you'll take, right? Of course right!
16:15 poikilotherm
pdurbin donsizemore heads up that I just pushed https://github.com/IQSS/dataverse/pull/7048 to code review. Added some docs :-)
16:15 poikilotherm
Crossing fingers everyones happy with it
16:16 donsizemore
I support this
16:22 pdurbin
poikilotherm: thanks, there were two things (from Slack) Leonid wanted. If you did them, we should be good, but he's out today so it'll probably sit until tomorrow.
16:57 poikilotherm
Not sure I did them
16:57 poikilotherm
It was a bit all over the place...
16:57 poikilotherm
I requested another review from you folks
16:57 poikilotherm
So hopefully that'll get sorted out
17:03 pdurbin
From Slack: But I'd like to know the answers, to the last 2 questions I asked there - if we need to stop creating the jdbc-connection-pool in the installer; and whether any release note info is needed, for the existing installations.
17:04 pdurbin
poikilotherm: if you did those two things we should be good.
17:11 nightowl313 joined #dataverse
17:18 poikilotherm
That's solved
17:31 pdurbin
awesome
18:14 nightowl313 joined #dataverse
18:22 nightowl313 joined #dataverse
18:25 nightowl313
hey all .. kind of freaking out because I thought I had permissions understood ... doing some testing and wondering if I could ask a question? In our test dataverse, we have it configured so that anyone with an account can add dataverses. So, one user created a dataverse, which is fine. But then I gave another user "Curator" role in that dataverse. He logged in and did not have the "Add data" button within that dataverse. Shouldn't he be able
18:26 nightowl313
I tried the contributor role as well .. no button. Can't contributors add dataverses, datasets but just can't publish?
18:38 nightowl313
oops, no I lied .. it works if I add him as curator, but not as contributor ... I thought that contributors were essentially the same as curators except that they cannot publish?
18:43 nightowl313
i apparently do not really understand permissions/roles ...
18:50 donsizemore
"Contributor role (can edit metadata, upload files, and edit files, edit Terms, Guestbook, and Submit datasets for review"
18:50 donsizemore
so a contributor couldn't create datasets, if i'm reading correctly?
18:51 donsizemore
(I know nothing about roles; but I'm happy to put you in touch with our archivists)
18:55 nightowl313
thanks @donsizemore that would probably help a lot; in looking at the permissions for contributor, they are pretty limited (to only those things you listed), but when combined with the "anyone with an account can add dataverses" I guess that is what confused me because using contributor as default with that (as we have it at the top level) gave them a lot more permissions).
18:56 nightowl313
this is like inception
19:00 donsizemore
@pdurbin gave me the best advice for understanding permissions: "each dataverse is an island"
19:01 pdurbin
yep
19:01 nightowl313
yea, and things get a lot more complicated when you set it to not allow everyone to create dataverses (ie: everyone needs to be given access)
19:01 donsizemore
librarians are all about control ;)
19:02 nightowl313
we don't want just anyone creating dataverses/datasets (at least not yet), so we have to think about a poicy for new dataverses and access for owners and members of those will have access
19:03 pdurbin
nightowl313: if you email the list you might get some ideas about what others do
19:04 nightowl313
we thought that we could create each top-level dataverse, and then make the "owner" an admin ... he could make the rest of the team "contributors" so that they would have to request permission for publishing ... but now we see that contributor doesn't actually allow them to create anything!
19:04 nightowl313
not sure if there is a way to give them access to create dataverses/datasets and still require publish request
19:05 nightowl313
yes, sorry, i will email the community ... sherry lake has helped me a lot but I have to keep bugging her
19:05 nightowl313
*hate
19:05 pdurbin
I thought contributors could create stuff.
19:06 nightowl313
I thought so, too, but seems like that is only when you have the "who can add to this dataverse" question set to "anyone with an account can add dataverses" ... that gives them the ability
19:06 nightowl313
i think
19:07 donsizemore
can you create a custom role tied to group membership?
19:07 donsizemore
or is this way more broadly distributor than a core team of data-approvers?
19:08 pdurbin
Yeah, that's what I was thinking, a group.
19:10 pdurbin
nightowl313: so one tip, perhaps is to play with the Edit Access button and observe what changes are made under "Users/Groups". That Edit Access button is meant to be an easy way to configure popular options under Users/Groups but you can also go directly to Users/Groups and assign a role to a group, like Don is suggesting.
19:11 nightowl313
oh awesome idea ... could we create a group with custom roles that allows for creation of dataverses, datasets but also requires reques to publish? and then just automatically assign that to all users when we create a dataverse? (Other than the owner, who would be admin or curator)?
19:12 nightowl313
or automatically add the users to that group i mean
19:13 nightowl313
i guess the custom role would need add dataverse, add dataset, but not publish (like curator but without publish)
19:13 donsizemore
and you don't want to blanket-ly delegate permission management to the owner of each sub-dataverse
19:13 pdurbin
I think all of that is possible (he says in a handy wavy fashion).
19:14 pdurbin
hand* wavy
19:14 nightowl313
so do you think that the dataverse owners should be curator? or another custom role?
19:15 nightowl313
hand-wavy ... new technical term!
19:15 donsizemore
i would think the dataverse owner would have full control over the sub-dataverse already, but if not, start with the lowest level of permission you think they'll need?
19:15 nightowl313
or perhaps just the same role if we are auto-assigning permissions anyway
19:15 nightowl313
we want the dataverse owner to be able to approve dataset publish requests at least
19:16 nightowl313
and create dataverses, datasets as well
19:16 nightowl313
since we are creating the dataverses, they don't automatically have ownership
19:16 nightowl313
at least at the top level
19:20 pdurbin
principle of least privilege, like donsizemore says, is always a good idea
19:22 nightowl313
=) +1
19:22 donsizemore
oh oh "Note that the Dataset Creator role and Contributor role are sometimes confused. The Dataset Creator role is assigned at the dataverse level and allows a user to create new datasets in that dataverse. The Contributor role can be assigned at the dataset level, granting a user the ability to edit that specific dataset. Alternatively, the Contributor role can be assigned at the dataverse level, granting the user the ability to edit all dat
19:23 nightowl313
you all are amazing! Thank you!
19:24 nightowl313
I will send an email to the community, too, to see if anyone has any recommendations for specific permissions for each role based on what we are trying to do
19:24 donsizemore
I like the automatic group population idea in theory
19:27 nightowl313
ah if assigned at the dataverse level, contributors can edit all data, but not create? that def was my confusion ... i thought they could
19:29 pdurbin
I would suggest testing it. :)
19:32 nightowl313
yes doing a lot of testing! =)
19:33 pdurbin
Please let us know about the bugs you find. :)
19:36 nightowl313
you know I will definitely ask questions! lol
19:38 pdurbin
:)
19:41 poikilotherm
Yeah, Contributors on a Dataverse cannot add Datasets. You'll need the AddDataset Permission for that, too
19:42 poikilotherm
Yet you can enable the AddDataset permission on the Dataverse and let define what permissions the user will gain on the new dataset.
19:42 poikilotherm
It's a bit confusing first
19:42 pdurbin
yeah
19:43 poikilotherm
Oh wow. I just received the other messages. Sorry for double posting because of messages being stuck in cache land.
19:45 poikilotherm
Hmm. Still lagging. iqlogbot knows more than my mobile :-(
19:46 * pdurbin
gives iqlogbot a treat
19:47 nightowl313
if we give create dataverse or create dataset permissions, users don't have to request to publish, do they? trying to find a way to allow users to create datasets within a dataverse but not automatically publish them
19:48 nightowl313
at least until we change our minds and decide we don't want to have to approve all of those requests!
19:48 nightowl313
... because we have people knocking down the door to get into our dataverse ...haha not
19:51 nightowl313
sorry AddDataverse and AddDataset
19:53 pdurbin
Whether or not they can publish depends on the role they are given after/during the creation process. The second part of that Edit Access button. If they given the lowly contributor role, they can't publish.
19:57 donsizemore
@pdurbin "NC elections chief: Vote totals unlikely to change for another week" https://www.wral.com/nc-elections-officials-discuss-vote-counting/19370745/
19:59 pdurbin
ok
20:00 nightowl313
if we have the first question set to "Anyone adding to this dataverse needs to be given access"... does the second question even come into play?
20:00 nightowl313
don't we have to set the permissions individually at that point?
20:00 nightowl313
we don't want anyone with an account to be able to edit any dataverse in the system
20:00 pdurbin
Yes, the second question always comes into play.
20:00 nightowl313
sorry, I mean add
20:01 nightowl313
okay now I'm really confused ... I really don't understand this at all
20:02 pdurbin
:(
20:02 nightowl313
how do you give someone access to the dataverse with the first question set to "Anyone adding to this dataverse needs to be given access" ... you have to manually add them in the users/roles section right?
20:03 nightowl313
and the second question at the top doesn't have meaning unless you have chosen the 2-4 responses (anyone can add dataverses, etc..)??
20:04 nightowl313
or am i completely mistaken?
20:04 nightowl313
which would not surprise me!
20:06 pdurbin
To add someone you go to Users/Groups and add them.
20:10 nightowl313
right .. and you assign them a role ... which you have to do because the first answer was "anyone must be given access" ... so you are giving them the role instead of the second answer at the top assigning the role, right? or does that second option still apply somehow?
20:11 pdurbin
It's complicated. Obviously. The second question only applies to the person who creates the dataverse or dataset.
20:16 nightowl313
eeeeeedwi thought the person creating the dataverse/dataset automatically got admin role
20:16 nightowl313
sorry my cat walked on the keyboard for that first word!
20:16 nightowl313
kitten
20:17 pdurbin
well, the toggle is for Contributor or Curator, not Admin
20:18 pdurbin
oh but that's for dataset, probably for dataverse it's Admin
20:32 nightowl313
eeeks, i have a heck of a lot more testing to do! thanks!
20:33 pdurbin
sure
20:33 pdurbin
It's confusing. Playing with it is probably the best way to learn. Until we write better docs. :)
20:36 nightowl313
the docs are great! i think it just takes practice and testing as there probably isn't a way to write all of the different scenarios down!
20:37 pdurbin
yeah
21:56 pdurbin left #dataverse
23:38 nightowl313 joined #dataverse
