Guide to managing collection access
Contents
Sharing a Collection with others
Viewing requests to access a Collection
Processing access requests for a Collection
Revoking access to a Collection
Introduction
This guide provides instructions on how a Collection owner or administrator can self-manage access control for their Collection(s) to enable easy sharing and collaboration with others.
Operations
This guide describes how to:
- Share access to a Collection with other QRIScloud users
- View requests for Collection access
- Process requests for Collection access
- Revoke access to a Collection.
Before you begin
Each person with whom you share a Collection will need to have both an Australian Access Federation login and to have registered for a QRIScloud account.
Each Collection has two access groups associated with it:
- The access group called “Qnnnn read-write” (where Qnnnn is the Collection ID) controls read-write access to the Collection
- The access group called “Qnnnn read-only” controls read-only access.
One of three roles can be assigned to a person per Collection access group:
- User – allows access to the Collection with the respective permissions of the group.
- Administrator – an administrator can:
- View and process requests for the group
- Add a person with the User role to the group
- Remove a person with the User role from the group
- Owner – an owner can:
- Perform the same functions as an Administrator
- Add a person with the Administrator or Owner role to the group
- Remove a person with the Administrator or Owner role from the group.
Sharing a Collection with others
There are three stages in granting access to a Collection:
- The Collection owner or administrator invites someone to access a Collection
- The invitee completes the access request
- The Collection owner or administrator processes the request.
This process helps protect privacy and provides a safeguard against any incorrect granting of Collection access.
Inviting access to a collection
To invite someone to access a Collection through an access group, you must either be a Collection owner or administrator for that access group.
To send an invitation to someone to access a Collection:
- Log in to the QRIScloud portal using your AAF credentials.
- Navigate to the Services Dashboard (click on “MY SERVICES” in the top navigation bar)
- In the “QRISdata Collection Storage section you will find a list of Collection access groups to which you have been granted membership and the role that has been granted to you.
- Click on the entry for the Collection access group to which you are inviting someone.
- Scroll down to the “Invite others” section.
- Depending on your role, you will have up to three possibilities presented:
- Invite someone to request access as a User
- Invite someone to request access as an Administrator
- Invite someone to request access as an Owner
- Copy the appropriate link. Email this link to the person you are inviting to enable them to submit a request to access a Collection via the access group you administer.
When the person to whom you have emailed the link clicks on it, they will then be taken to a form to complete and submit an access request. If they have not registered with QRIScloud, they will be taken to a registration form before being able to complete their access request. Once they submit the request it will appear in a set of access requests for a Collection owner or administrator to process.
Email notification
Once the access request form has been completed and submitted, the Collection owners and administrators will be sent an email to notify them that a new access request is waiting to be processed. The email will contain a link that takes the Collection owner or administrator directly to the QRIScloud form to process the request.
Viewing requests to access a Collection
To view access requests for a Collection access group, you must either be a Collection owner or an administrator for that access group.
To view requests for Collection access:
- Log in to the QRIScloud portal using your AAF credentials.
- Navigate to the Services Dashboard (click on “MY SERVICES” in the top navigation bar)
- If there are access requests to process, then a section titled “Requests” will be displayed, which will contain a list of access requests to process.
Each entry in the list shows:
- Who initiated the request
- What role has been requested
- Which access group for the Collection has been selected
- The Collection title
- Timestamp for when the request was last updated.
Processing access requests for a Collection
To process an access request for a Collection access group, you must either be a Collection owner or administrator for that access group.
To process an access request for a Collection:
- Log in to the QRIScloud portal using your AAF credentials
- Navigate to the Services Dashboard (click on “MY SERVICES” in the top navigation bar)
There are two ways to view Open requests: The first way is to look in the “Requests” section on this Dashboard page to see the list of access requests for the Collection access group. The second way is to click on an access group for a Collection and choose the “Open” filter to see the list of access requests to be processed.
- Locate the request to process.
- Click on the access request you wish to process
- Complete the “Response” field
- Choose to:
- Deny the request
- Approve the request
- Save the request to come back to later
Revoking access to a Collection
To revoke access to a Collection access group, you must either be a Collection owner or administrator for that access group.
To revoke access to a Collection:
- Log in to the QRIScloud portal using your AAF credentials
- Navigate to the Services Dashboard (click on “MY SERVICES” in the top navigation bar)
- In the “QRISdata Collection Storage” section you will see a list of Collections access groups for which you have either owner or administrator roles
- Click on the Collection access group you wish to examine
- In the “Group members” section you will see the list of users assigned to this group. There is a further indication if one of those is an owner or administrator.
- Click on the link to view all access requests for this Collection group
- Choose the “Approved” filter. The filters are:
- Open – access requests awaiting processing
- Approved – access requests that have been previously approved
- Denied – access requests that have previously been denied
- Withdrawn – access requests where the user has withdrawn their request prior to it being processed.
- Locate the request to be revoked
- Click on the request
- Click on the “Revoke role and reopen” button
This revokes the user’s access and current role from the Collection access group and places the request back into an Open state where it can then be re-processed.