Solution
From the use cases that listed in this document, we list the summary of the solution below:
- The ACT has a way to manage requests for datasets under ACTAccessRequirement. We need to support the following:
- Ability to view Submitted requests for a particular dataset. Allowing the ACT to see all information and quickly decide if the request contains the required information.
- Ability to approve a request and grant access to all accessors.
- Ability to reject a request, provide the instructions on how to correct/provide the missing information, and send email to requestor.
- The ACT has a way to configure the ACTAccessRequirement to indicate the required information.
- A requestor has a way to create a request, save it, and submit it to ask for access to a dataset under ACTAccessRequirement.
- A requestor will be able to correct the old request and submit it after the old submission was rejected. They would not need to type/ provide any correct information that they already provided in the old submission.
- A requestor will be able to remove an accessor from his/her approved request. This action takes away the accessor's access to the dataset.
- The ACT has the annual review reminder emails automatically sent to accessors.
- An accessor will be able to provide the required information for the annual review process to keep their access to the dataset.
- An accessor will be able to provide the final statement of use when they no longer need to access the controlled data.
- The ACT has a way to mark a request to have it's Project Lead, Institution, and IDU to be publicly available.
Phases
We recognize the needs to support requirements #1, #2, #3, #4 in the first phase. After the first phase is built, requirements #5, #6, #7 will become important.
Based on discussions with the ACT, we haven't had users come back to us with a final statement of use, so #8 would have low priority. #9 could still be solved by an R script.
Object Models
| ACTAccessRequirement |
|---|
| (original fields) |
| String instruction |
| Boolean isCertifiedUserRequired |
| Boolean isValidatedProfileRequired |
| Boolean isDUCRequired |
| String ducFileHandleId |
| Boolean isIRBRequired |
| Boolean areAttachmentsRequired |
| Boolean isAnnualReviewRequired |
| WorkingGroup |
|---|
| String id |
| String accessRequirementId |
| String institution |
| String projectLead |
| String intendedDataUseStatement |
| List<String> members |
| String ownerId |
| String createdBy |
| Long createdOn |
| Long modifiedOn |
| Long gainAccessOn |
Any user can create a WorkingGroup. To create a WorkingGroup, the following information are required: accessRequirementId, institution, projectLead, intendedDataUseStatement, members, ownerId, and createdBy. Id, createdOn, modifiedOn and gainAccessOn are set by the system. A user will not be able to change these values.
After a WorkingGroup is created, only the owner can make changes to the WorkingGroup. The owner can also change the ownership of a working group by changing the ownerId value to another userId that is in the list of members.
| DataAccessRequest |
|---|
| String id |
| String accessRequirementId |
| String createdBy |
| Long createdOn |
| String workingGroupId |
| String ducFileHandleId |
| String irbFileHandleId |
| List<String> attachments |
| Long modifiedOn |
Any user can create a DataAccessRequest to a given AccessRequirement. To create a DataAccessRequest, the following fields are required: accessRequirementId, and createdBy. Id, createdOn, and modifiedOn are set by the system. A user cannot change these values.
Only creator of DataAccessRequest can update, and submit the request. To submit a request, it has to meet the requirements specified in the associated AccessRequirement.
Once a request is submitted, a DataAccessSubmission object is created. While there is an DataAccessSubmission with status SUBMITTED, it's associated DataAccessRequest no longer available for update & submit.
| DataAccessSubmission |
|---|
| String id |
| String dataAccessRequestId |
| String requestorId |
| Long submittedOn |
| String workingGroupId |
| String ducFileHandleId |
| String irbFileHandleId |
| List<String> attachments |
| State state (SUBMITTED, APPROVED, REJECTED, CANCELED) |
| String reviewerId |
| Long reviewedOn |
| String rejectedReason |
| Boolean canPublicAccess |
Once a DataAccessSubmission is created, it will have state SUBMITTED until a reviewer (ACT member) review and update its status.
After a submission is Rejected and a reason is provided, the submission is closed for modification.
After a submission is Approved, the only update an ACT member can perform is changing the value of 'canPublicAccess.'
When an ACT member approves a submission, multiple AccessApproval are created for each member of the working group.
When the owner of a working group remove a user, the associated AccessApproval for that user will be remove.
When the owner of a working group add a user, he/she will also need to update the request and create a new submission. An ACT member will review the new submission and make decision to grant access to the new member.
Services
| Action | Intended User | URI | Method | Request Params | Request Body | Response Body | |
|---|---|---|---|---|---|---|---|
| 1 | create a WorkingGroup | SynapseUser | /workingGroup | POST | WorkingGroup | WorkingGroup | |
| 2 | retrieve a WorkingGroup | owner | /accessRequirement/{id}/workingGroup | GET | WorkingGroup | ||
| 3 | update a WorkingGroup | owner | /workingGroup | PUT | WorkingGroup | WorkingGroup | |
| 4 | transfer ownership of a WorkingGroup | owner | /workingGroup/{id}/updateOwner | PUT | WorkingGroup | WorkingGroup | |
| 5 | create a DataAccessRequest | Synapse User | /dataAccessRequest | POST | DataAccessRequest | DataAccessRequest | |
| 6 | retrieve a DataAccessRequest | creator | /accessRequirement/{id}/listRequest | GET | DataAccessRequest | ||
| 7 | update a DataAccessRequest | creator | /dataAccessRequest | PUT | DataAccessRequest | DataAccessRequest | |
| 8 | submit a DataAccessRequest | creator | /dataAccessSubmission | POST | DataAccessRequest | DataAccessSubmission | |
| 9 | retrieve a list DataAccessSubmission | requestor | /accessRequirement/{id}/listSubmission | GET | nextPageToken | DataAccessSubmissionPage | |
| 10 | cancel a DataAccessSubmission | requestor | /dataAccessSubmission/{id}/cancel | PUT | DataAccessSubmission | ||
| 11 | update a DataAccessSubmission | ACT | /dataAccessSubmission | PUT | DataAccessSubmission | DataAccessSubmission | |
| 12 | retrieve a list of DataAccessSubmission | ACT | /accessRequirement/{id}/listSubmission | GET | nextPageToken, filter (by status) | DataAccessSubmissionPage |
Notification
| Condition | Target User | Notes | |
|---|---|---|---|
| 1 | After a new submission is created | ACT member | Includes link to a page that manages the dataset's access requests |
| 2 | After a submission is approved | Accessors | Includes link to dataset |
| 3 | After a submission is rejected | Requestor | Includes reason Includes link to create a new request from the rejected one |