/
Solution and Services

Solution and Services

Jul 03, 2017

Solution

From the use cases that listed in this document, we list the summary of the solution below:

  1. The ACT has a way to manage requests for datasets under ACTAccessRequirement. We need to support the following:

    1. Ability to view Submitted requests for a particular dataset. Allowing the ACT to see all information and quickly decide if the request contains the required information.

    2. Ability to approve a request and grant access to all accessors.

    3. Ability to reject a request, provide the instructions on how to correct/provide the missing information, and send email to requestor.

  2. The ACT has a way to configure the ACTAccessRequirement to indicate the required information, if the data set requires annual renewal, and if the intended data use statement should be public. 

  3. A requestor has a way to create a request, save it, and submit it to ask for access to a dataset under ACTAccessRequirement. 

  4. A requestor will be able to correct the old request and submit it after the old submission was rejected. They would not need to type/ provide any correct information that they already provided in the old submission.

  5. A requestor will be able to remove an accessor from his/her approved request. This action takes away the accessor's access to the dataset.

  6. The system automatically sends annual review reminder emails to accessors.

  7. An accessor will be able to provide the required information for the annual review process to keep their access to the dataset.

  8. An accessor will be able to provide the final statement of use when they no longer need to access the controlled data.

  9. The system will automatically remove AccessApproval from users who have not submitted a renewal request within a year for dataset that requires renewal.

We recognize the needs to support #1 - #7 in the first phase. From the ACT, we haven't had users come back to us with a final statement of use, so #8 would have low priority. We are not very strict about removing access, so not sure if #9 is necessary. 

Object Models

ACTAccessRequirement

ACTAccessRequirement

(original fields)

Boolean isCertifiedUserRequired

Boolean isValidatedProfileRequired

Boolean isDUCRequired

String ducTemplateFileHandleId

Boolean isIRBApprovalRequired

Boolean areOtherAttachmentsRequired

Boolean isAnnualReviewRequired

Boolean isIDUPublic

ResearchProject

ResearchProject

String id

String accessRequirementId

String institution

String projectLead

String intendedDataUseStatement

String ownerId

String createdBy

Long createdOn

String modifiedBy

Long modifiedOn

Any user can create a ResearchProject. To create a ResearchProject, the following information are required: accessRequirementId, institution, projectLead, intendedDataUseStatement, ownerId, and createdBy. The following fields: id, createdOn, and modifiedOn are set by the system. A user will not be able to change these values.

After a ResearchProject is created, only the creator can make changes to a ResearchProject. The owner can also change the ownership of a ResearchProject by changing the ownerId value to another userId that has been granted access to the dataset under the same ResearchProject. After taking over the ResearchProject, a user would have the same permissions with the DataAccessRequest's creator.

Request implements RequestInterface

Request implements RequestInterface

String id

String accessRequirementId

String createdBy

Long createdOn

String researchProjectId

List<String> accessors

String ducFileHandleId

String irbFileHandleId

List<String> attachments

String modifiedBy

Long modifiedOn

Any user can create a Request to a given AccessRequirement. To create a Request, the following fields are required: accessRequirementId, and createdBy. The following fields: id, createdOn, and modifiedOn are set by the system. A user cannot change these values.

Only creator of Request can update, and submit the request. To submit a request, it has to meet the requirements specified in the associated AccessRequirement.

Once a request is submitted, a Submission object is created. While there is an Submission with status SUBMITTED, it's associated Request no longer available for update & submit. 

Renewal implements RequestInterface extends Request

Renewal implements RequestInterface extends Request

String publication

String summaryOfUse

Once a Submission is approved and requestor wants to add/ remove accessors, he/she needs to update the request with a Renewal, given the publication and summaryOfUse in addition to editing the existing information from the original Request. 

Submitting a Renewal will also result in a Submission being created with status SUBMITTED. 

Submission

Submission

String id

String dataAccessRequestId

String submittedBy

Long submittedOn

ResearchProject researchProjectSnapshot

List<String> accessors

Boolean isRenewalSubmission

String ducFileHandleId

String irbFileHandleId

List<String> attachments

String publication

String summaryOfUse

SubmissionState state (SUBMITTED, APPROVED, REJECTED, CANCELED)

String reviewerId

Long reviewedOn

String rejectedReason

Once a Submission is created, it will have state SUBMITTED until a reviewer (ACT member) review and update its status. 

After a submission is Rejected and a reason is provided, the submission is closed for modification.

When an ACT member approves a submission, multiple AccessApproval are created for each accessor. 

When a requestor adds/removes a user, he/she will also need to update the request and create a new submission. An ACT member will review the new submission and make decision to grant/revoke access to the accessor. 

Services



Action

Intended User

URI

Method

Request Params

Request Body

Response Body



Action

Intended User

URI

Method

Request Params

Request Body

Response Body

1

create a ResearchProject

Synapse User

/researchProject

POST



ResearchProject

ResearchProject

2

retrieve a ResearchProject

creator

/accessRequirement/{id}/researchProject

GET





ResearchProject

3

update a ResearchProject

creator

/researchProject/{id}

PUT



ResearchProject

ResearchProject

4

transfer ownership of a ResearchProject

creator, ACT

/researchProject/{id}/updateOwner

PUT



ChangeOwnershipRequest

ResearchProject



create or update Research Project

Synapse User

/researchProject

POST



ResearchProject

ResearchProject



get ResearchProject for update

creator

/accessRequirement/{id}/researchProjectForUpdate

GET





ResearchProject

5

create a DataAccessRequest

Synapse User

/dataAccessRequest

POST



DataAccessRequest

DataAccessRequest

6

retrieve the current DataAccessRequest

creator, ResearchProject's owner

/accessRequirement/{id}/dataAccessRequest

GET





DataAccessRequestInterface

7

asking the server for a suitable request object to start with

creator

/accessRequirement/{id}/dataAccessRequestForUpdate

GET





RequestInterface

8

update a DataAccessRequest

creator, ResearchProject's owner

/dataAccessRequest/{id}

PUT



DataAccessRequestInterface

DataAccessRequestInterface



create or update Request

Synapse User

/dataAccessRequest

POST



RequestInterface

RequestInterface

9

submit a Request

creator, ResearchProject's owner

/dataAccessRequest/{id}/submission

POST

etag



SubmissionStatus

10

retrieve the latest DataAccessSubmission's status

requestor, ResearchProject's owner, accessors

/accessRequirement/{id}/submissionStatus

GET





DataAccessSubmissionStatus

11

cancel a Submission

requestor, ResearchProject's owner

/dataAccessSubmission/{id}/cancellation

PUT





SubmissionStatus

12

update a Submission

ACT

/dataAccessSubmission/{id}

PUT



SubmissionStateChangeRequest

SubmissionStatus

13

retrieve a list of Submission

ACT

/accessRequirement/{id}/submissions

GET

nextPageToken, order (SubmissionOrder), filter (SubmissionState),
asc 



SubmissionPage

14

retrieve a list of Approval Status for a given list of AccessRequirement

SynapseUser

/accessApprovalStatus

POST



AccessApprovalStatusRequest

AccessApprovalStatusResults

15

retrieve restriction info for a given entity

Synapse user

entity/{id}/restrictionInformation

GET





RestrictionInformation



retrieve restriction information

Synapse user

/restrictionInformation

POST



RestrictionInformationRequest

RestrictionInformationResponse

16

retrieve access requirement status

Synapse user

/accessRequirement/{id}/status

GET





AccessRequirementStatus

17

retrieve info about open submissions

ACT

/dataAccessSubmission/openSubmissions

GET

nextPageToken



OpenSubmissionPage

18

retrieve approval info for users

ACT

/accessApproval/batch

POST



BatchAccessApprovalRequest

BatchAccessApprovalResult

BatchAccessApprovalRequest

BatchAccessApprovalRequest

List<String> userIds

String accessRequirementId



BatchAccessApprovalResult

BatchAccessApprovalResult

List<AccessApprovalResult> results

AccessApprovalResult

AccessApprovalResult

String userId

String accessRequirementId

Boolean hasAccessApproval

OpenSubmissionPage

OpenSubmissionPage

List<OpenSubmission> openSubmissionList

String nextPageToken

OpenSubmission

OpenSubmission

String accessRequirementId

Long numberOfOpenSubmissions

ACTAccessRequirementStatus implements AccessRequirementStatus

ACTAccessRequirementStatus implements AccessRequirementStatus

String accessRequirementId

Boolean isApproved

SubmissionStatus current submissionStatus

SubmissionStatus

SubmissionStatus

String submittedBy

String submissionId

SubmissionState state