Skip to end of banner
Go to start of banner

Solution and Services

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 56 Next »

Solution

From the use cases that listed in this document, we list the summary of the solution below:

  1. The ACT has a way to manage requests for datasets under ACTAccessRequirement. We need to support the following:
    1. Ability to view Submitted requests for a particular dataset. Allowing the ACT to see all information and quickly decide if the request contains the required information.
    2. Ability to approve a request and grant access to all accessors.
    3. Ability to reject a request, provide the instructions on how to correct/provide the missing information, and send email to requestor.
  2. The ACT has a way to configure the ACTAccessRequirement to indicate the required information, if the data set requires annual renewal, and if the intended data use statement should be public. 
  3. A requestor has a way to create a request, save it, and submit it to ask for access to a dataset under ACTAccessRequirement. 
  4. A requestor will be able to correct the old request and submit it after the old submission was rejected. They would not need to type/ provide any correct information that they already provided in the old submission.
  5. A requestor will be able to remove an accessor from his/her approved request. This action takes away the accessor's access to the dataset.
  6. The system automatically sends annual review reminder emails to accessors.
  7. An accessor will be able to provide the required information for the annual review process to keep their access to the dataset.
  8. An accessor will be able to provide the final statement of use when they no longer need to access the controlled data.
  9. The system will automatically remove AccessApproval from users who have not submitted a renewal request within a year for dataset that requires renewal.

We recognize the needs to support #1 - #7 in the first phase. From the ACT, we haven't had users come back to us with a final statement of use, so #8 would have low priority. We are not very strict about removing access, so not sure if #9 is necessary. 

Object Models

ACTAccessRequirement
(original fields)
Boolean isCertifiedUserRequired
Boolean isValidatedProfileRequired
Boolean isDUCRequired
String ducTemplateFileHandleId
Boolean isIRBApprovalRequired
Boolean areOtherAttachmentsRequired
Boolean isAnnualReviewRequired
Boolean isIDUPublic
ResearchProject
String id
String accessRequirementId
String institution
String projectLead
String intendedDataUseStatement
String ownerId
String createdBy
Long createdOn
String modifiedBy
Long modifiedOn

Any user can create a ResearchProject. To create a ResearchProject, the following information are required: accessRequirementId, institution, projectLead, intendedDataUseStatement, ownerId, and createdBy. The following fields: id, createdOn, and modifiedOn are set by the system. A user will not be able to change these values.

After a ResearchProject is created, only the owner can make changes to a ResearchProject. The owner can also change the ownership of a ResearchProject by changing the ownerId value to another userId that has been granted access to the dataset under the same ResearchProject. After taking over the ResearchProject, a user would have the same permissions with the DataAccessRequest's creator.

DataAccessRequest implements DataAccessRequestInterface
String id
String accessRequirementId
String createdBy
Long createdOn
String researchProjectId
List<String> accessors
String ducFileHandleId
String irbFileHandleId
List<String> attachments
String modifiedBy
Long modifiedOn

Any user can create a DataAccessRequest to a given AccessRequirement. To create a DataAccessRequest, the following fields are required: accessRequirementId, and createdBy. The following fields: id, createdOn, and modifiedOn are set by the system. A user cannot change these values.

Only creator of DataAccessRequest can update, and submit the request. To submit a request, it has to meet the requirements specified in the associated AccessRequirement.

Once a request is submitted, a DataAccessSubmission object is created. While there is an DataAccessSubmission with status SUBMITTED, it's associated DataAccessRequest no longer available for update & submit. 

DataAccessRenewal implements DataAccessRequestInterface extends DataAccessRequest
String publication
String summaryOfUse

Once a DataAccessSubmission is approved and requestor wants to add/ remove accessors, he/she needs to update the request with a DataAccessRenewal, given the publication and summaryOfUse in addition to editing the existing information from the original DataAccessRequest. 

Submitting a DataAccessRenewal will also result in a DataAccessSubmission being created with status SUBMITTED. 

DataAccessSubmission
String id
String dataAccessRequestId
String submittedBy
Long submittedOn
ResearchProject researchProjectSnapshot
List<String> accessors
Boolean isRenewalSubmission
String ducFileHandleId
String irbFileHandleId
List<String> attachments
String publication
String summaryOfUse
State state (SUBMITTED, APPROVED, REJECTED, CANCELED)
String reviewerId
Long reviewedOn
String rejectedReason

Once a DataAccessSubmission is created, it will have state SUBMITTED until a reviewer (ACT member) review and update its status. 

After a submission is Rejected and a reason is provided, the submission is closed for modification.

When an ACT member approves a submission, multiple AccessApproval are created for each accessor. 

When a requestor adds/removes a user, he/she will also need to update the request and create a new submission. An ACT member will review the new submission and make decision to grant/revoke access to the accessor. 

Services


ActionIntended UserURIMethodRequest ParamsRequest BodyResponse Body
1create a ResearchProjectSynapse User/researchProjectPOST
ResearchProjectResearchProject
2retrieve a ResearchProjectowner/accessRequirement/{id}/researchProjectGET

ResearchProject
3update a ResearchProjectowner/researchProject/{id}PUT
ResearchProjectResearchProject
4transfer ownership of a ResearchProjectowner, ACT/researchProject/{id}/updateOwnerPUT
ChangeOwnershipRequestResearchProject
5create a DataAccessRequestSynapse User/dataAccessRequestPOST
DataAccessRequestDataAccessRequest
6retrieve the current DataAccessRequestcreator, ResearchProject's owner/accessRequirement/{id}/dataAccessRequestGET

DataAccessRequestInterface
7asking the server for a suitable request object to start withSynapseUser/accessRequirement/{id}/dataAccessRequestForUpdateGET

DataAccessRequestInterface
8update a DataAccessRequestcreator, ResearchProject's owner/dataAccessRequest/{id}PUT
DataAccessRequestInterfaceDataAccessRequestInterface
9submit a DataAccessRequestcreator, ResearchProject's owner/dataAccessSubmissionPOST
DataAccessRequestInterfaceSubmissionStatus
10retrieve the latest DataAccessSubmission's statusrequestor, ResearchProject's owner, accessors/accessRequirement/{id}/submissionStatusGET

SubmissionStatus
11cancel a DataAccessSubmissionrequestor, ResearchProject's owner/dataAccessSubmission/{id}/cancelPUT

SubmissionStatus
12update a DataAccessSubmissionACT/dataAccessSubmission/{id}PUT
SubmissionStatusChangeRequestDataAccessSubmission
13retrieve a list of DataAccessSubmissionACT/accessRequirement/{id}/listSubmissionGETnextPageToken, order, filter (by status)
DataAccessSubmissionPage
14retrieve a list of Approval Status for a given list of AccessRequirementSynapseUser/accessApproval/statusPOST
AccessApprovalStatusRequestAccessApprovalStatusResults
ChangeOwnershipRequest
String researchProjectId
String newOwnerId
SubmissionStatus
String submissionId
State state
String rejectedReason
Long reviewedOn
SubmissionStatusChangeRequest
String submissionId
State newState (only APPROVED and REJECTED are valid)
String rejectedReason
AccessApprovalStatusRequest
List<String> accessRequirementIdList
AccessApprovalStatusResults
List<AccessApprovalStatusResult> results
AccessApprovalStatusResult
String accessRequirementId
String accessApprovalId (null if there is no AccessApproval associated with the given access requirement)
SubmissionStatus submissionStatus (null if there is no DataAccessSubmission associated with the given access requirement)
FailureCode failureCode (UNAUTHORIZED, NOT_FOUND)


Compare behaviors of #6 and #7


GET /accessRequirement/{id}/dataAccessRequestGET /accessRequirement/{id}/dataAccessRequestForUpdate
user has not created a requestNotFoundExceptionempty DataAccessRequest
user has a request, zero APPROVED submissionthe created DataAccessRequestthe created DataAccessRequest
user has an APPROVED submission, requires renewalthe created DataAccessRequestre-filled DataAccessRenewal
user has an APPROVED submission, renewal not requiredthe created DataAccessRequestthe created DataAccessRequest


Notification


ConditionTarget UserNotes
1After a new submission is createdACT memberIncludes link to a page that manages the dataset's access requests
2After a submission is approvedRequestorIncludes link to view request
3After a submission is rejectedRequestor

Includes reason

Includes link to create a new request from the rejected one




  • No labels