| Table of Contents | ||
|---|---|---|
|
There is a set of standard project roles that can be granted to users of your Mediaflux project. Here we will help you understand which role to grant to each user depending on their use case.
Use cases
Read-only access
If you have a user that you would like to give read-only access to the content of your Mediaflux project.
participant-a: allow a user to read data. This will allow them to access and download data using all current access methods like the Mediaflux Unimelb Command-Line Clients, SFTP, and SMB.
Read-write access
Depending on the access method the user is going to use, you might grant them either participant-acm or participant-acmd-n.
participant-acm: allow a user to read and upload data. They can create files and directories but cannot delete them. This could make sense for automated or command-line uploads with Mediaflux Unimelb Command-Line Clients or SFTP.
participant-acmd-n: allow a user full read-write access. They can create files and directories and delete them. This makes sense for any interactive access where a user wants to be able to create and modify files, for example Mediaflux Explorer or SMB.
More complex access patterns
Where your Mediaflux project requires that users have different access levels to different directories, we can offer our Standard ACL structure.
participant-a: We use the read-only role as the basis for the user’s access. The user is then granted additional access to certain subdirectories or additional restrictions are added to remove their access.
Administrator
The administrator role grants full read-write access, as well as the ability to manage project metadata and queries, grant project roles to other users (though this is typically done by the Mediaflux support team by raising a ticket).
Glossary
a Mediaflux namespace can be thought of as a folder or directory
a Mediaflux asset is a container holding a file and metadata about that file. When you upload a file, Mediaflux makes an asset, puts the file in the asset, and creates a default set of metadata about the asset including a checksum of the contents of the file.
Project Roles
The standard roles per project that are provided are:
administrator
access, create, modify, and destroy project child namespaces
access, create, modify, and destroy project assets
manage specialised project metadata definitions and queries
grant project access to other users (however, this is best done by the Mediaflux support team by raising a ticket).
participant-a
access project child namespaces
access project assets
participant-acm
access, create, and modify project child namespaces
access, create, and modify project assets
participant-acmd
access, create and modify (but not destroy) project namespaces
access, create, modify and destroy project assets
participant-acmd-n
access, create, modify and destroy project child namespaces
access, create, modify and destroy project assets
Note: modify includes move
Examples
If you wanted to give somebody read only access to your project, then they would be granted the role participant-a
Give people the role participant-acmd-n if you want them to have as much power as the administrator regarding data, but not allow them the ability to manage metadata definitions or to grant others access to the project