Requirements
From the use cases that listed in this document, we summarize the requirements below:
- The ACT needs a way to manage requests for datasets under ACTAccessRequirement. We need to support the following:
- Ability to view Submitted requests for a particular dataset. Allowing the ACT to see all information and quickly decide if the request contains the required information.
- Ability to approve a request and grant access to all accessors.
- Ability to reject a request, provide the instructions on how to correct/provide the missing information, and send email to requestor.
- The ACT needs a way to configure the ACTAccessRequirement to indicate the required information.
- A requestor needs a way to create a request, save it, and submit it to ask for access to a dataset under ACTAccessRequirement.
- A requestor needs to be able to correct the old request and submit it after the old submission was rejected. They would not need to type/ provide any correct information that they already provided in the old submission.
- A requestor needs to be able to remove an accessor from his/her approved request. This action takes away the accessor's access to the dataset.
- The ACT needs to have the annual review reminder emails automatically sent to accessors.
- An accessor needs to be able to provide the required information for the annual review process to keep their access to the dataset.
- An accessor needs to be able to provide the final statement of use when they no longer need to access the controlled data.
- The ACT needs to way to mark a request to have it's Project Lead, Institution, and IDU to be publicly available.
Phases
We recognize the needs to support requirements #1, #2, #3, #4 in the first phase. After the first phase is built, requirements #5, #6, #7 will become important.
Based on discussions with the ACT, we haven't had users come back to us with a final statement of use, so #8 would have low priority. #9 could still be solved by an R script.
Object Models
| ACTAccessRequirement |
|---|
| (original fields) |
| String instruction |
| Boolean isCertifiedUserRequired |
| Boolean isValidatedProfileRequired |
| Boolean isDUCRequired |
| String ducFileHandleId |
| Boolean isIRBRequired |
| Boolean areAttachmentsRequired |
| Boolean isAnnualReviewRequired |
| DataAccessRequest |
|---|
| String id |
| String accessRequirementId |
| String createdBy |
| Long createdOn |
| String projectLead |
| String institution |
| String intendedDataUseStatementFileHandleId |
| List<String> accessors |
| String ducFileHandleId |
| String irbFileHandleId |
| List<String> attachments |
| Long modifiedOn |
Any user can create a DataAccessRequest. To create a DataAccessRequest, the following fields are required: accessRequirementId, and createdBy. A user can only create one DataAccessRequest to a given AccessRequirement.
Only creator of DataAccessRequest can update, and submit the request. To submit a request, it has to meet the requirements specified in the associated AccessRequirement.
Once a request is submitted, a DataAccessSubmission object is created. While there is an DataAccessSubmission with status SUBMITTED, it's associated DataAccessRequest no longer available for update & submit.
| DataAccessSubmission |
|---|
| String id |
| String dataAccessRequestId |
| String requestorId |
| Long submittedOn |
| String projectLead |
| String institution |
| String intendedDataUseStatementFileHandleId |
| List<String> accessors |
| String ducFileHandleId |
| String irbFileHandleId |
| List<String> attachments |
| State state (SUBMITTED, APPROVED, REJECTED, CANCELED) |
| String reviewerId |
| Long reviewedOn |
| String rejectedReason |
| Boolean canPublicAccess |
Once a DataAccessSubmission is created, it will have state SUBMITTED until a reviewer (ACT member) review and update its status.
Services
| Action | Intended User | URI | Method | Request Params | Request Body | Response Body | |
|---|---|---|---|---|---|---|---|
| 1 | create a DataAccessRequest | Synapse User | /dataAccessRequest | POST | DataAccessRequest | DataAccessRequest | |
| 2 | retrieve a DataAccessRequest | creator | /accessRequirement/{id}/listRequest | GET | DataAccessRequest | ||
| 3 | update a DataAccessRequest | creator | /dataAccessRequest | PUT | DataAccessRequest | DataAccessRequest | |
| 4 | submit a DataAccessRequest | creator | /dataAccessSubmission | POST | DataAccessRequest | DataAccessSubmission | |
| 5 | retrieve a list DataAccessSubmission | requestor | /accessRequirement/{id}/listSubmission | GET | nextPageToken | DataAccessSubmissionPage | |
| 6 | cancel a DataAccessSubmission | requestor | /dataAccessSubmission/{id}/cancel | PUT | DataAccessSubmission | ||
| 7 | update a DataAccessSubmission | ACT | /dataAccessSubmission | PUT | DataAccessSubmission | DataAccessSubmission | |
| 8 | retrieve a list of DataAccessSubmission | ACT | /accessRequirement/{id}/listSubmission | GET | nextPageToken, filter (by status) | DataAccessSubmissionPage |
Notification
| Condition | Target User | Notes | |
|---|---|---|---|
| 1 | After a new submission is created | ACT member | Includes link to a page that manages the dataset's access requests |
| 2 | After a submission is approved | Accessors | Includes link to dataset |
| 3 | After a submission is rejected | Requestor | Includes reason Includes link to create a new request from the rejected one |