Roles and permissions
Overview of roles and permissions in the DataVault
Different categories of DataVault user have different permissions over vaults. These are known as 'roles', and may have permissions over individual vaults or all vaults within a School.
Individual roles are: Data Owner; Nominated Data Manager; and Depositor.
School roles are: School Data Manager; and School Support Officer.
These roles have permissions to view or carry out actions on a specific vault only.
The creator (or 'Owner') of a vault will normally be the Principal Investigator. Owners have permissions to create a new vault, add more users, or review a vault for deletion. The Owner is also responsible for ensuring that funds are in place to cover any charges associated with deposits made to the vault.
Creating a vault
The Owner may create a vault, and add and retrieve deposits to and from that vault. At the time of the vault's creation, the Owner must specify the School to which the vault belongs.
- Adding other users
The Owner may designate several Nominated Data Managers and/or Depositors of a particular vault (see below). They can subsequently change the list of roles associated with the vault in order to add or remove users, or to change their roles. To do this: click on the vault name, to go to the 'Summary of Vault Metadata' page, then expand the 'Vault Roles' section and use the controls here.
- Review for deletion
As part of the review process chain of custody, the system may prompt the Owner to decide to delete (or recommend deletion), or to retain (or recommend retention) of a particular deposit or vault.
Vaults are typically reviewed ten years after creation, although shorter and longer review periods are also possible. The Owner has the ability to bring forward the Review Date of the vault, eg to enable swifter deletion of the data. The Owner may also push back the Review Date, subject to provision of funds to cover the longer storage period.
On the vault's Review Date in the absence of the Owner and of any Nominated Data Managers, the School Data Manager may make decisions about the continued retention or deletion of the data.
- Changing a vault's Owner
Vaults can only have one Owner at a time. The Owner may transfer ownership of a vault, but this is advisable only in circumstances where the Owner expects no further involvement with the data, or is in the process of leaving the University.
A vault whose Owner has left the University is considered 'orphaned', and becomes the responsibility of the Head of School. Users wishing to take on ownership of orphaned vaults should contact the IS Helpline, who will pass their request to the Head of School for consideration.
Nominated Data Manager
- Adding and retrieving deposits
Acting on behalf of the vault's Owner, a Nominated Data Manager may deposit data into it and retrieve data from it.
- Adding other users
The Nominated Data Manager can add or remove Depositors. They cannot nominate other users as Data Managers, nor change the School to which the vault belongs. To do this: click on the vault name, to go to the 'Summary of Vault Metadata' page, then expand the 'Vault Roles' section and use the controls here.
- Review for deletion
A Nominated Data Manager may bring forward a vault's review date, for example in order to bring about the deletion of the data. As part of the review process chain of custody, the system may prompt a Nominated Data Manager to decide to delete (or recommend deletion), or to retain (or recommend retention) of a particular deposit or vault.
Acting on behalf of the Data Owner, a Depositor may view a vault's metadata, and deposit data into it.
These roles have permissions to view or carry out actions on all vaults belonging to a School.
School Data Manager
Acting on behalf of the Head of School, the School Data Manager may:
- view all vaults belonging to the School,
- add users to a vault and assign vault roles.
School Support Officer
Acting on behalf of the Head of School, the School Support Officer may view all vaults and associated deposits belonging to the School.
Access to the DataVault is by University login at:
N.B. users connecting away from the University network will need to use the VPN.