...
- The ACT has a way to manage requests for datasets under ACTAccessRequirement. We need to support the following:
- Ability to view Submitted requests for a particular dataset. Allowing the ACT to see all information and quickly decide if the request contains the required information.
- Ability to approve a request and grant access to all accessors.
- Ability to reject a request, provide the instructions on how to correct/provide the missing information, and send email to requestor.
- The ACT has a way to configure the ACTAccessRequirement to indicate the required information, if the data set requires annual renewal, and if the intended data use statement should be public.
- A requestor has a way to create a request, save it, and submit it to ask for access to a dataset under ACTAccessRequirement.
- A requestor will be able to correct the old request and submit it after the old submission was rejected. They would not need to type/ provide any correct information that they already provided in the old submission.
- A requestor will be able to remove an accessor from his/her approved request. This action takes away the accessor's access to the dataset.
- The system automatically sends annual review reminder emails to accessors.
- An accessor will be able to provide the required information for the annual review process to keep their access to the dataset.
- An accessor will be able to provide the final statement of use when they no longer need to access the controlled data.
- The system will automatically remove AccessApproval from users who have not submitted a renewal request within a year for dataset that requires renewal.
We recognize the needs to support #1 - #7 in the first phase. From the ACT, we haven't had users come back to us with a final statement of use, so #8 would have low priority. We are not very strict about removing access, so not sure if #9 is necessary.
Object Models
| ACTAccessRequirement |
|---|
| (original fields)String instruction |
| Boolean isCertifiedUserRequired |
| Boolean isValidatedProfileRequired |
| Boolean isDUCRequired |
| String ducTemplateFileHandleId |
| Boolean isIRBRequired |
| Boolean areAttachmentsRequired |
| Boolean isAnnualReviewRequired |
| Boolean isIDUPublic |
| ResearchProject |
|---|
| String id |
| String accessRequirementId |
| String institution |
| String projectLead |
| String intendedDataUseStatement |
| String ownerId |
| String createdBy |
| Long createdOn |
| String modifiedBy |
| Long modifiedOn |
Any user can create a ResearchProject. To create a ResearchProject, the following information are required: accessRequirementId, institution, projectLead, intendedDataUseStatement, ownerId, and createdBy. The following fields: id, createdOn, and modifiedOn are set by the system. A user will not be able to change these values.
...
| DataAccessSubmission |
|---|
| String id |
| String dataAccessRequestId |
| String requestorIdsubmittedBy |
| Long submittedOn |
| ResearchProject researchProjectSnapshot |
| List<String> accessors |
| Boolean isRenewalSubmission |
| String ducFileHandleId |
| String irbFileHandleId |
| List<String> attachments |
| String publication |
| String summaryOfUse |
| State state (SUBMITTED, APPROVED, REJECTED, CANCELED) |
| String reviewerId |
| Long reviewedOn |
| String rejectedReason |
...
| Action | Intended User | URI | Method | Request Params | Request Body | Response Body |
|---|
| 1 | create a ResearchProject | Synapse User | /researchProject | POST |
| ResearchProject | ResearchProject |
| 2 | retrieve a ResearchProject | owner | /accessRequirement/{id}/researchProject | GET |
|
| ResearchProject |
| 3 | update a ResearchProject | owner | /researchProject/{id} | PUT |
| ResearchProject | ResearchProject |
| 4 | transfer ownership of a ResearchProject | owner, ACT | /researchProject/{id}/updateOwner | PUT |
| ChangeOwnershipRequest | ResearchProject |
| 5 | create a DataAccessRequest | Synapse User | /dataAccessRequest | POST |
| DataAccessRequest | DataAccessRequest |
| 6 | retrieve a the current DataAccessRequest | creator, ResearchProject's owner | /accessRequirement/{id}/dataAccessRequest | GET |
|
| DataAccessRequestInterface |
| 7 | asking the server for a suitable request object to start with | SynapseUser | /accessRequirement/{id}/requestTemplate | GET |
|
| RequestTemplate |
| 8 | update a DataAccessRequest | creator, ResearchProject's owner | /dataAccessRequest | PUT |
| DataAccessRequestInterface | DataAccessRequestInterface |
| 89 | submit a DataAccessRequest | creator, ResearchProject's owner | /dataAccessSubmission | POST |
| DataAccessRequestInterface | SubmissionStatus |
| 910 | retrieve a list DataAccessSubmission's status | requestor, ResearchProject's owner, accessors | /accessRequirement/{id}/submissionStatus | GET |
|
| SubmissionStatus |
| 1011 | cancel a DataAccessSubmission | requestor, ResearchProject's owner | /dataAccessSubmission/{id}/cancel | PUT |
|
| SubmissionStatus
|
| 1112 | update a DataAccessSubmission | ACT | /dataAccessSubmission | PUT |
| SubmissionStatusChangeRequest | DataAccessSubmission |
| 1213 | retrieve a list of DataAccessSubmission | ACT | /accessRequirement/{id}/listSubmission | GET | nextPageToken, order, filter (by status) |
| DataAccessSubmissionPage |
| ChangeOwnershipRequest |
|---|
| String researchProjectId |
| String newOwnerId |
| RequestTemplate |
|---|
| DataAccessRequestInterface startWith |
| Integer requiredFieldsMask |
| SubmissionStatus |
|---|
| String submissionId |
| State state |
| String rejectedReason |
| Long reviewedOn |
| SubmissionStatusChangeRequest |
|---|
| String submissionId |
| State newState (only APPROVED and REJECTED are valid) |
| String rejectedReason |
Compare behaviors of #6 and #7
| GET /accessRequirement/{id}/dataAccessRequest | /accessRequirement/{id}/requestTemplate |
|---|
| user has not created a request | NotFoundException | empty DataAccessRequest |
| user has a request, zero APPROVED submission | the created DataAccessRequest | the created DataAccessRequest |
| user has an APPROVED submission, requires renewal | the created DataAccessRequest | empty DataAccessRenewal |
| user has an APPROVED submission, renewal not required | the created DataAccessRequest | the created DataAccessRequest |
Notification
| Condition | Target User | Notes |
|---|
| 1 | After a new submission is created | ACT member | Includes link to a page that manages the dataset's access requests |
| 2 | After a submission is approved | Requestor | Includes link to view request |
| 3 | After a submission is rejected | Requestor | Includes reason Includes link to create a new request from the rejected one |
...
