Managing user privileges

User management is one of the most important administrative functions in the daily operation of the system. It covers setting up editor accounts, assigning appropriate permissions, assigning, expanding and narrowing specific roles, and monitoring currently assigned roles. The management functions also allow users to be deleted.

 

The following screen shows the types of roles in KB.

image-20240102-161028.png

 

A user's role defines his or her permissions regarding the types of descriptions and the range of operations he or she can perform.

Currently, the following roles define the scope of operations:

  • admin - application administrator (unlimited rights)

  • superdataentry - editor with elevated privileges (can edit his own records and records created by other editors from his unit)

  • dataentry - editor (can only edit records that he owns)

  • Superdownload - can perform exports of complete system data (including protected data)

  • betatester - can use new functions in testing mode that are not yet available to the general user

  • XMLimport - can perform imports in XML format

  • XMLexport - can perform exports of data in XML format (at this point, this permission only covers dictionary data types, dictionary data and journals)

  • scoring - can give/correct scores in journal descriptions

  • manualScore - can manually assign/correct scores in publications

  • optimization - can use the optimization module (Evaluation tab on the discipline profile)

  • PBNexport - can use the PBN data transfer module (Evaluation tab on the discipline profile), including data validation, export simulation, and actual data transfer (as long as the user has the Publication Importer role in the PBN system and has generated a user token using the button provided on the Evaluation tab)

  • financeview - can view financial data (e.g., in project descriptions)

  • Statisticsview - can view generated statistics and other aggregate data

  • versions - can perform global changes on types that are not under strict administrator control

  • selfedition - can edit data on his profile

  • self-import - can import own publications (by DOI or selected format) or enter data on the form designed for this purpose (the entered record remains in incomplete status)

Functional privileges assigned according to the above roles can be further restricted as follows:

  • publications - can perform certain editorial operations on all types of description of scientific achievements (publications, projects, patents, doctoral theses, dissertations, activities, achievements, etc.)

  • diplomas - can perform certain editorial operations only on types of description of scientific achievements related to diplomas (doctoral theses, dissertations)

  • projects - can perform certain editorial operations only on project descriptions

  • technology - can perform certain editorial operations only on technology descriptions

The user record worksheet has the form shown below:

image-20240102-161748.png

Defining the privileges consists of:

  1. defining the role - it may be a combination of various roles

  2. defining the modification access level - this is determined by the selection of the affiliation.

So, for example, assigning the role dataentry together with publications authorizes the user to enter all types of publications (including theses) and scientific reports, but to edit only those records of which he is the owner.

In addition, permissions are also limited by the Modification Access Level field: when it is restricted to a specific department, the editor is only able to edit records created for researchers affiliated with that department (at least one researcher should be the author).
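The edit decision described above (role, restriction and Modification Access Level applied together) can be sketched as follows. This is an added example, not code from KB: the `User` and `Record` structures, the record type names and the fail-closed handling of missing roles or restrictions are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Record types covered by each restriction; the type names are assumptions.
# None means "all types of description of scientific achievements".
SCOPE_TYPES = {
    "publications": None,
    "diplomas": {"doctoral_thesis", "dissertation"},
    "projects": {"project"},
    "technology": {"technology"},
}

@dataclass
class User:
    login: str
    unit: str
    roles: frozenset
    scopes: frozenset
    access_level: Optional[str] = None  # department; None = not restricted

@dataclass
class Record:
    rtype: str
    owner: str                     # login of the editor who owns the record
    owner_unit: str                # unit of that editor
    author_departments: frozenset  # affiliations of the record's authors

def can_edit(user: User, record: Record) -> bool:
    if "admin" in user.roles:      # unlimited rights
        return True
    # 1. The role sets the ownership rule.
    if "superdataentry" in user.roles:
        owner_ok = record.owner == user.login or record.owner_unit == user.unit
    elif "dataentry" in user.roles:
        owner_ok = record.owner == user.login
    else:
        return False               # no editing role: fail closed
    # 2. The restriction narrows the record types (unknown names grant nothing).
    scope_ok = any(
        s in SCOPE_TYPES and (SCOPE_TYPES[s] is None or record.rtype in SCOPE_TYPES[s])
        for s in user.scopes
    )
    # 3. Modification Access Level: at least one author from the department.
    level_ok = (user.access_level is None
                or user.access_level in record.author_departments)
    return owner_ok and scope_ok and level_ok
```

Evaluating the three conditions separately also makes it easy to log which one denied an edit when auditing an account's assigned roles.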

If the user is a researcher, the most typical privileges are selfedition and selfimport. The researcher should be connected to his/her profile (the field Person). If the profile is linked to the user account, the user has access to the functions on his/her profile (editing the biogram, adding publications, etc.).

The link between the authorization system (CAS) and KB guarantees a proper login (connecting the researcher with his/her profile and providing the correct privileges defined in the user's record).