Access roles for a Workgroup are defined by permitted actions for a Resource Type and in a specified Context (view). The roles are labeled in a hierarchy of increasing permissions, with Resource Identifier having the fewest permissible actions. The right-click menus are configured for your role in the Workgroup that owns the selected Resource; thus the options will include only actions permitted for your access role and that are available for the Resource type. See CERFAccessRoles.pdf for a visual representation.
The table shows the access roles as defined in the default ontologies in CERF. Note that the labels or privileges shown here may be customized for your organization. As explained below, permissions for the roles of Metadata Editor, File Cabinet Editor, and File Cabinet Manager are different in the context of Notebooks vs. File Cabinets.
Note: A change to a user’s Public Access Role will require the user to logout and then log back in for the new permission to register
| Access Role | Privileges |
|---|---|
| Resource Identifier | Able to see the title of Resources in a CERF File Cabinet or Notebook. May not view contents of a Resource. The only right-click menu options available are for Search > Locations, Search > Navigate, or Send Notifications. This user cannot create File Cabinets or Notebooks for the Workgroup, nor set access level on Resources, submit Resources, export Resources, edit, or sign Resources. While using the Search Panel, a Resource Identifier is unable to retrieve results for resources in the workgroup where assigned this role. They will still find results in workgroups where they are assigned a higher role. |
| Guest | Same privileges as Resource Identifier plus the privilege of viewing Resources as read-only copies. The right-click menu for a user with the role of Guest adds ability to View Resource, View Resource Info, add Bookmark, and Copy (but there are no Paste Options). |
| Digital Cosigner | Same privileges as Guest plus the ability to Print and Cosign a Resource (may not initiate signing because this user is not permitted to be a Resource contributor). Cosigning requires that the Resource be accessible by the initial signer and cosigner and that the cosigner be a member of the initial signer’s Signature Workgroup. |
| Annotator | The same privileges as Digital Signer plus the ability to add annotations to Resources. (Annotators may also copy and paste as a relation, and in the context of a File Cabinet can edit metadata) |
| Metdata Editor | In the context of a File Cabinet, a Metadata Editor has the same privileges as Annotator plus the ability to edit metadata. Note that in a File Cabinet, Metadata Editors can put a resource under version control and can make it final. In the context of a Notebook, this role is the same as Annotator. The Metadata Editor would not be able to Finalize a Resource nor Edit Metadata. |
| File Cabinet Editor | In the context of a File Cabinet, a File Cabinet Editor has the same privileges as a metadata editor and can also add, edit and version and remove Resources. A File Cabinet Editor can also copy and paste as a new resource or version and Set an Official Print Copy. In the context of a Notebook, this role is the same as Annotator plus the ability to add a Placeholder on a Page. The File Cabinet Editor would not be able to Checkout, Edit, Cut, Delete, Finalize or Rename a Resource. They will be unable to Edit Metadata, Save Sorted Views or Close a Collection. |
| Notebook Editor | In the context of File Cabinets, a Notebook Editor has the same privileges as a File Cabinet Editor. In the context of Notebooks, a Notebook Editor can add, edit, rename and version resources. A Notebook Editor can save a Sorted View in Flexible Notebooks. |
| File Cabinet Manager | In the context of File Cabinets, a File Cabinet Manager has the same privileges as a File Cabinet Editor and can also create File Cabinets, delete a Resource (if policy permits), archive, and set resource access. A File Cabinet Manager can save a Sorted View for a Folder. In the context of a Notebook, this role is the same as Annotator. The File Cabinet Manager would not be able to Checkout, Edit, Cut, Delete, Finalize or Rename a Resource. They will be unable to Edit Metadata, Save Sorted Views or Close a Collection. |
| Notebook Creator zzzzzzzzzzzzzzzzzz | In the context of File Cabinets, a Notebook Creator has the same privileges as File Cabinet Manager. In the context of Notebooks, a Notebook Creator has the same privileges as a Notebook Editor and can create Notebooks if business policy allows users to create Notebooks. |
Keeping it simple
When deciding on an Access Role for a user in a Workgroup, first determine if they need to work with Notebooks. If the user will only edit resources in File Cabinets, then choose any of the roles except for Notebook Editor or Notebook Creator. If the user will be editing in both Notebooks and File Cabinets, the suitable roles would be either Notebook Editor or Notebook Creator.
If the user will only need to review work in order to Digitally Cosign Notebooks, then choose either Digital Cosigner, Annotator or Metadata Editor.
The Resource Identifier and Guest roles are useful for locating and possibly viewing (Guest role) resources, especially for auditing purposes.
< Access Control up Workgroups >