
User roles

In CanDIG, there are five main user roles: site admin, site curator, program curator, team member and authorized user. The main users who ingest data are expected to be either site curators or program curators. Initially, a site admin must give a user either site curator or program curator privileges to enable them to ingest. Once given site curator status, a user can register, ingest and delete any program at a site. The site curator role is intended for sites where a few dedicated curators ingest all data and are all authorized to see all data that will be ingested at that site.

A program curator can only perform actions on the specific program they have been given program curator status on. They are not authorized to see or edit other programs at the site.

Team members and authorized users are similar in that they can only be granted access to read or see data in the platform. Team members are considered part of the team that owns or curated the program, while an authorized user has applied for access to a program through a Data Access Request. Authorized users are given access to one or more programs for a pre-determined amount of time, as approved by the DAC that governs the program.

A summary of what each user role can do in CanDIG is in the table below. The full technical breakdown of which endpoints each user can access is controlled through OPA and is found in paths.json.

Role | Register a new program | Edit authorized users in an existing program | Ingest/delete data | View ingested data
Site admin
Site curator
Program curator (authorized programs) (authorized programs) (authorized programs)
Team member (authorized programs)
Authorized user (authorized programs for an amount of time)

How to assign a user a site curator role

This can only be done by a site admin.

  1. Get a token by logging into the CanDIG data portal as site admin and copying the API token.

    a. Go to the icon in the top right of the screen and click the cog

    b. Click ‘Get API Token’

    c. Click the token to copy the text

  2. Go to a terminal and save it into a variable called TOKEN

         TOKEN=ey-pasted-jwt

  3. POST to the site-role endpoint in ingest to assign a user the site curator role, e.g. with user1@test.ca

         # CANDIG_URL is assumed to hold the base URL of your CanDIG deployment
         curl --request POST \
           --url "$CANDIG_URL/ingest/site-role/curator/email/user1@test.ca" \
           -H 'accept: application/json' \
           -H 'Content-Type: application/json' \
           -H "Authorization: Bearer $TOKEN"

  4. You can check whether a user has the site curator role by making the same curl call with a GET request. It should return true. Users can be removed as site curators by using the same endpoint with a DELETE action instead of POST/GET.
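
A wrapper for the POST and GET calls in the steps above, as an added example that is not CanDIG project code: it passes the token to curl on stdin rather than on the command line, where it would be visible in the process list, restricts the method and email values, and confirms the grant with the GET check. The function names, the email character allow-list and the assumption that the GET body is the JSON literal true belong to this example, not to CanDIG.

```shell
#!/bin/sh
# Added example, not CanDIG project code. Assumes CANDIG_URL and TOKEN are set
# as in the steps above; function names are hypothetical.

# site_role METHOD EMAIL: call the site-role endpoint from the steps above.
site_role() {
  method=$1 email=$2
  case $method in
    GET|POST|DELETE) ;;
    *) echo "unsupported method: $method" >&2; return 2 ;;
  esac
  # Accept only a plain address so the value cannot add path segments or a
  # query string to the URL (allow-list chosen for this example).
  case $email in
    *[!A-Za-z0-9._+@-]*|*@*@*) email= ;;
    ?*@?*) ;;
    *) email= ;;
  esac
  [ -n "$email" ] || { echo "refusing unexpected email value" >&2; return 2; }
  # A JWT is base64url plus dots; anything else would corrupt the config line.
  case ${TOKEN:-} in
    ''|*[!A-Za-z0-9._-]*) echo "TOKEN is empty or malformed" >&2; return 2 ;;
  esac
  # printf is a shell builtin and curl reads the header from stdin
  # (--config -), so the token never appears in the process list.
  printf 'header = "Authorization: Bearer %s"\n' "$TOKEN" |
    curl --silent --show-error --fail --config - \
      --request "$method" \
      --url "${CANDIG_URL%/}/ingest/site-role/curator/email/$email" \
      -H 'accept: application/json'
}

# grant_site_curator EMAIL: grant the role, then confirm it with the GET check.
grant_site_curator() {
  who=$1
  site_role POST "$who" >/dev/null || return 1
  body=$(site_role GET "$who") || return 1
  # Assumption: the GET body is the JSON literal true, possibly with whitespace.
  body=$(printf '%s' "$body" | tr -d '[:space:]')
  [ "$body" = true ] || { echo "role not confirmed for $who: $body" >&2; return 1; }
  echo "site curator confirmed: $who"
}
```

With TOKEN and CANDIG_URL set, `grant_site_curator user1@test.ca` exits non-zero if either request fails or the GET check does not return true.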

Grant an authorized user read access to a program

Approve and Reject authorized users

Grant an internal team member read access to a program