Feature Request: Introduce new EditDataversePermissionGroup permission #12218

@philippconzett

Overview of the Feature Request
Introduce a new permission called EditDataversePermissionGroup (or similar name; hereafter: Permission) that allows a user to edit an existing Group (collection of Dataverse installation user accounts) within a collection, as highlighted in red in the screenshot below:

Image

The Permission comes with the following conditions:

  1. The Permission can be assigned without the user needing to have any other Dataverse-level permissions (EditDataverse, ManageDataversePermissions, PublishDataverse, DeleteDataverse).
  2. The Permission does not include the permission to add or delete a Group.

What kind of user is the feature intended for?
(Example user roles: API User, Curator, Depositor, Guest, Superuser, Sysadmin)
Collection Managers

What inspired the request?
At DataverseNO, we don't allow depositors to create collections. Collection creation and configuration is done by the repository management. Once a collection is created, a Collection Manager is responsible for the management of the collection, including curation of datasets, but we don't want Collection Managers to be able to create sub-collections or edit the configuration of the collection they manage, except for being able to add/remove users/user groups to/from an existing Group. We thus want a Collection Manager to have the following permissions:

Image

What existing behavior do you want changed?
Currently, the only way to allow a user to add/remove users/user groups to/from a Group is to assign the user a role that includes the Dataverse-level permissions EditDataset and ManageDataversePermissions, which means that the user can configure the collection at stake and thus do a lot more actions than editing existing Groups, but more seriously, the user can also assign themselves Admin permissions, which undermines the point of being able to keep a user's permission within a limited set of rights (I think this should be addressed in a separate issue).

Any brand new behavior do you want to add to Dataverse?
Yes. The current feature request wants to add a more granular permission.

Any open or closed issues related to this feature request?
No. There are many issues related to permissions, but I couldn't find any open issues that are related in a relevant way. I've added a post about this GitHub issue to the Dataverse Community Google group.

Are you thinking about creating a pull request for this feature?
Depending on community feedback and PR scope, DataverseNO is willing to sponsor the implementation of this feature request.
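
A minimal model of the request above, added here as an illustration; it is not Dataverse code and not part of the original issue. Permission names are taken from the issue, while the `Collection` class, its methods and `can_self_escalate` are hypothetical, and gating Group creation and deletion on ManageDataversePermissions is a modeling assumption.

```python
# Simplified model for illustration only; this is not Dataverse code.
# Permission names are taken from the issue; classes and methods are hypothetical.
from dataclasses import dataclass, field

ADMIN = frozenset({"EditDataverse", "ManageDataversePermissions",
                   "PublishDataverse", "DeleteDataverse"})

class Denied(PermissionError):
    """Raised when the actor lacks the permission an action requires."""

@dataclass
class Collection:
    grants: dict = field(default_factory=dict)  # user -> set of permission names
    groups: dict = field(default_factory=dict)  # group name -> set of members

    def _require(self, actor, permission):
        if permission not in self.grants.get(actor, set()):
            raise Denied(f"{actor} lacks {permission}")

    def assign(self, actor, target, permissions):
        # Behavior the issue describes: a holder of ManageDataversePermissions
        # can grant any permission to anyone, including themselves.
        self._require(actor, "ManageDataversePermissions")
        self.grants.setdefault(target, set()).update(permissions)

    def create_group(self, actor, name):
        # Assumption: adding a Group stays behind the broad permission.
        self._require(actor, "ManageDataversePermissions")
        self.groups.setdefault(name, set())

    def delete_group(self, actor, name):
        # Assumption: deleting a Group stays behind the broad permission.
        self._require(actor, "ManageDataversePermissions")
        self.groups.pop(name, None)

    def edit_group(self, actor, name, add=(), remove=()):
        # Proposed permission: membership changes on an existing Group only.
        self._require(actor, "EditDataversePermissionGroup")
        if name not in self.groups:
            raise Denied(f"Group {name!r} does not exist")
        self.groups[name] = (self.groups[name] | set(add)) - set(remove)

def can_self_escalate(permissions):
    """True if a user holding `permissions` can grant themselves ADMIN."""
    c = Collection(grants={"manager": set(permissions)})
    try:
        c.assign("manager", "manager", ADMIN)
    except Denied:
        return False
    return ADMIN <= c.grants["manager"]
```
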
