...
Tier 3: (Tier 1) + (Tier 2) + User access must be requested/approved through an institutional review board (IRB).
...
Design
Security Model
- In the entity schema we allow a field to have a (some?) permission(s) which a user need to have before the field can be accessed.
...
An entity may have Requirement child entities. These entities contain the details of what is required to obtain specific permissions on the object (e.g. <Location,EULA,/eula/987>. The PRM refers to these objects to make its assessment.
Additional Services
- permissionRequest service: Once the requirements are fulfilled, this allows a user to request that a permission granted for them (or should this be rolled into the permissionRequirements?)
- requirements CRUD services: allows the owner of an object to craft requirements for an object (or should this be rolled into the current permissions manager?)
Tier 1 Approval Process
Here the user signs the Tier 1 agreement upon account creation and is added to a "Tier 1 group". The group has the Download role for all Tier 1 data layers.
...