From 8d35f593bd75e66ce5add9bdc21a34fc4e240db1 Mon Sep 17 00:00:00 2001 From: Jon Massey Date: Wed, 25 Sep 2024 20:03:31 +0100 Subject: [PATCH] ADR: allowing ProjectDeveloper view released file --- ...t-projectdevelopers-view-released-files.md | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 docs/0024-grant-projectdevelopers-view-released-files.md diff --git a/docs/0024-grant-projectdevelopers-view-released-files.md b/docs/0024-grant-projectdevelopers-view-released-files.md new file mode 100644 index 000000000..cc4e80565 --- /dev/null +++ b/docs/0024-grant-projectdevelopers-view-released-files.md @@ -0,0 +1,41 @@ +# 24. Grant Project Developers permission to view released files + +Date: 2024-09-25 + +## Status + +Accepted + +## Context + +There are two roles that are assigned at project level to researchers working on a project: `ProjectDeveloper` and `ProjectCollaborator`. + +`ProjectCollaborator` can + +- view outputs that have been released to Job Server. + `ProjectDeveloper` can +- Run and cancel jobs. +- Manage a project (edit project metadata). +- Create and manage workspaces. +- View unreleased outputs on Level 4 and request their release. +- Request that released outputs are published. + +Any person assigned the `ProjectDeveloper` role will have been deemed a bona fide researcher who has signed the required agreements to view unreleased outputs. + +Viewing of released outputs, which have undergone the output checking process, requires fewer such checks on the person in question and is made available to collaborators on a project who might not necessarily be the primary researchers. +Thus, the `ProjectCollaborator` is sometimes assigned to people who are not assigned the `ProjectDeveloper` role. + +Persons assigned the `ProjectDeveloper` role also need to view released outputs and so are routinely also assigned the +`ProjectCollaborator` role. This has caused confusion (see [#4519](https://github.com/opensafely-core/job-server/issues/4519)) and we cannot see a good reason why this permission is omitted from the `ProjectDeveloper` role. + +## Decision + +The "view released outputs" permission (`release_file_view`) shall be granted to the `ProjectDeveloper` role. + +## Consequences + +The Bennett Team Manual will need to be updated to remove recommendations to assign both of these roles to research users. + +The Bennett Information Governance Team will need to be made aware of this change. + +There will remain now-redundant assignments of both `ProjectDeveloper` and `ProjectCollaborator` in the Job Server database until these are rectified.