Understanding Avalon Roles and Permissions


The second release of Avalon will have collections-based roles and permissions. This post describes what we've designed in hopes of getting your comments. Does this make sense? Is it easy to see how you would map these to your organization?

Units, Collections and Items


First, some definitions.


A unit is a grouping of collections. Usually, a unit will map to an administrative unit.


A collection is a grouping of related items. 


An item is a bibliographic unit comprised of one or more audio or video files.


So it's a hierarchy--a strict hierarchy in that items can only belong to one collection, and a collection belongs to only one unit. If you need to make other kinds of groupings, such as for course reserves, special exhibits, or shared access restrictions, those will be accomplished through other mechanisms. The hierarchy defined above is for ownership and responsibility.


Both units and collections will show up in as facets for search and browse.

Roles and Permissions


We've designed the four roles below for the second release.



Administrators will be a select few who have responsibility for providing an Avalon-based service. The administrators assign people to the manager role and maintain the list of units. Administrators are the only ones who can see and modify items in any collection.



Managers are those within a given unit who have overall accountability for the collection building within Avalon. Managers get to create collections and assign editor and depositor roles for those collections. They set the default access controls for items added to the collection, and they also step in when a published item needs revising or deleting.



Editors have supervisory responsibility for the collection building--the ingest and description process. They can assign depositor roles, change the name or description of the collection, and can modify the access controls for individual items in the collection.



Depositors add media to the collection and describe it with metadata. They can publish items but not unpublish. They can only modify or delete unpublished items.


Permissions are also a hierarchy--an editor can do anything a depositor can do, and a manager can do anything editors and depositors do, and an administrator can do anything. Smaller organizations may not have a need for all four roles. But we hope that these four roles can be used to support even the largest, most complex institutions. 


An additional means of handling complexity would be to have multiple instances of Avalon running. If some collections are so self-contained that they don't need to share discovery services with other collections, running a separate instance may be the best way to handle the separation.


The chart below provides another view of the hierarchy of roles and their associated permissions.



Until we all start applying these roles, we won't know exactly what to recommend. Libraries tend to have few but large collections. Archives tend to have many more collections. How can we best organize our media collections to have them be both manageable and appropriately discoverable?


Questions? Suggestions? 


Blog Categories: