Access rights model
We intend to have a lean model of access rights. Major dimensions are whether a user
- is allowed to author pages on the wiki (this leads to the differentiation between user types 0 and 1)
- is allowed to access research data (this leads to the differentiation between user types 1 and 2).
| user type | description | reading content | authoring content | needs login | accessing research data stored in wiki |
|---|---|---|---|---|---|
| 0 | any internet user | only those in the namespaces (Main), DecodingWork, PublishedWork, User, File, Category, unless restricted | none | no | only those without restricted access |
| 1 | registered wiki user | in any namespace unless restricted | in any namespace | yes | only those without restricted access |
| 2 | researcher | in any namespace | in any namespace | yes | those with and without restricted access |
| ∞ | administrator | in any namespace | in any namespace | yes | those with and without restricted access |
In wiki jargon a namespace refers to a certain category of content. See the Wikimedia manual for details.
Research data with restricted access
One of the major purposes of this wiki is to make available research data such as e.g. interview recordings, transcripts, assessment items, or assessment data. Access to such data can be either unrestricted or restricted. Research data with restricted access is only accessible to users of type 2 which requires to be logged in. That is, being logged in is a necessary condition to exercise the access rights of user type 2. Likewise being logged out is sufficient to (temporarily) not having these privileges.
People might be willing to share project data with a limited number of trusted people but are hesitant to make it available to the whole world without restriction. For this reason restricted access has been implemented here.
To explain access rights by virtue of an example let's imagine users Amy One (of type 1), Bertram Two (of type 2), Cecil, Dagmar, and Elly Three (of type 3). Dagmar and Elly restrict access to (some of) their resources. That means that only Cecil, Dagmar and Elly to have access to these resources. Amy and Bertram don't.
Note that access restriction is by group not by person. Access is restricted to user type 2 (or "higher"). It is not possible that Cecil restricts access to Dagmar only. (As a matter of fact, aiming at a lean access rights model restriction by person is not intended.)
Also note, that access restriction only restricts access to content but not knowledge about content. That is Amy and Bertram might learn from a content page that a restricted resource exists.
For a real example visit both Group activities in interactive teaching and Limits and go the respective sections "Available resources."
- In the case of Group activities in interactive teaching you will have unrestricted access to the resources offered.
- In the case of Limits you won't have access to the resources offered (unless you have access rights of user type 2 which requires to be logged in - so log out in order to check the discussed feature). Following the link will result in an permission error.
Technically access to content is restricted by adding
<bs:pageaccess groups="sysop,researcher" />
to the content page. To do so using the source code editor, just insert this line (any place will be fine). Using the visual editor select Insert>Magic word>pageaccess. Restricting access rights is not a regular feature of Wikimedia and one of the reasons why the BlueSpice extension has been chosen as a platform for this project.
Getting access to privileges of user type 2 ("researcher")
There isn't an automated process to get access rights of user type 2. And there is no plan that there will be one. Instead access rights need to be granted manually by an administrator. Only users of type 1 can apply for access rights of user type 2. In order to do so they need to send an email to an administrator. It is the administrator's responsibility to check and decide whether applicants can trustfully granted the privileges of user type 2.
At a certain point there will be a dedicated email address for access rights applications. For the time being, requests for access rights of user type 2 need to be send to p.riegler@ostfalia.de.
Namespaces without read access
There are namespaces which serve internal purposes like the the namespace Projekt which is used for project management. Typically users of type 0 are not allowed to read such pages. However, it applies what has stated above in the context of research data with restricted access: access restrictions only restrict access to content but not knowledge about content.
For instance, a user of type 0 might type "access rights" into the search bar. By that he or she will learn about the existence of the page Projekt:Access_Rights (this very page) located in the Projekt namespace. However, he or she cannot access its content as users of type 0 don't have access to the namespace Projekt.
