[Archivesspace_Users_Group] Users with basic data entry credentials and access to agent contact details

na207 na207 at cam.ac.uk
Mon Jun 24 04:06:16 EDT 2019


Dear Christine,

This is excellent news- thank you very much!

Best wishes,

Natalie

From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> On Behalf Of Christine Di Bella
Sent: 21 June 2019 13:29
To: archivesspace_users_group at lyralists.lyrasis.org
Subject: Re: [Archivesspace_Users_Group] Users with basic data entry credentials and access to agent contact details

Dear Natalie,

First off, welcome!

Your mention of our training materials and the implications of this particular permission for the UK Data Protection Act and GDPR made us look to see what was happening in the application. As far as we can tell, all permission levels with access to view agent records have been able to view the contact details part of the record. This is clearly not what was intended, given how this was written up for the purposes of training and the user manual. And we know it's an even more important feature now given international laws around securing personal information.

I'm pleased to say that one of our developers was able to determine what was wrong and to add a specific permission for viewing the contact details part of an agent record. This permission will be automatically included for the out-of-the-box permission levels above Advanced Data Entry users and also selectable if high level users want to include it for other permission groups (and de-selectable if people don't want it included for the permission groups for which it comes automatically). This feature will need additional testing, but assuming it passes muster, we anticipate including it in our next release, which will come out later in the summer. We've added a JIRA issue (https://archivesspace.atlassian.net/browse/ANW-910) and work can be tracked there.

Thanks for bringing this oversight to our attention. We typically can't make changes to the application as quickly as this, but I'm glad it was possible in this case.

Christine

Christine Di Bella
ArchivesSpace Program Manager
christine.dibella at lyrasis.org<mailto:christine.dibella at lyrasis.org>
800.999.8558 x2905
678-235-2905
cdibella13 (Skype)

[ASpaceOrgHomeMedium]



From: archivesspace_users_group-bounces at lyralists.lyrasis.org<mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org> <archivesspace_users_group-bounces at lyralists.lyrasis.org<mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org>> On Behalf Of na207
Sent: Tuesday, June 18, 2019 10:11 AM
To: archivesspace_users_group at lyralists.lyrasis.org<mailto:archivesspace_users_group at lyralists.lyrasis.org>
Subject: [Archivesspace_Users_Group] Users with basic data entry credentials and access to agent contact details

Dear all,

This is my first message to the user group- I've been making great use of the list's archives and am hoping someone may be able to help with my question.

I'm working through issues concerning sharing personal data about living individuals in ArchivesSpace- seeking to ensure that personal data is only accessible and shared if necessary and appropriate to comply with the UK Data Protection Act and GDPR.

We were lucky enough to receive 2 days training on ArchivesSpace last summer and our training notes about the types of user record set out the following :



Basic Data Entry Staff: Has no application customization permissions; is unable to read or write name contact information; has read-only access to Accession, Digital Object, Agent, and Subject records, has read/write permissions on Resource records.

I have just set up a test user account and given it basic data entry privileges. When I log in as that user I can view (but not edit) agent records including contact information. The agent records have been created by the repository to which the test user belongs but the test user can also see contact details of agents created by another repository.

I have looked at the 'manage groups' menu to check what basic data entry users can do, and found that the following boxes only are checked:- create/update resources in this repository; create/update digital objects in this repository; view the records in this repository; create and run a background job. It doesn't look as though there is another box I could tick to limit access to contact information.

I may be missing something obvious but is there a way to limit access to contact information in ArchivesSpace? I would be very grateful for any assistance,

Best wishes,

Natalie


Natalie Adams
Systems Archivist
Cambridge University Library
West Road
Cambridge
Cambridge, CB3 9DR
Tel 01223 766377
www.lib.cam.ac.uk/<http://www.lib.cam.ac.uk/>
Normal working days are Monday-Wednesday

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20190624/89397110/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4014 bytes
Desc: image001.jpg
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20190624/89397110/attachment.jpg>


More information about the Archivesspace_Users_Group mailing list