Managing and assigning user roles in Figshare is crucial for maintaining security and data integrity. It is essential to carefully consider role assignments when setting up workflows within Figshare to ensure optimal efficiency and user experience.
Figshare supports a range of permissions, from simply uploading content to full administrative controls. These permissions are assigned based on the role assigned to a user. Roles can be assigned at both the institutional and Group levels. Please note that roles assigned at the Group level will not automatically be inherited by subgroups, necessitating explicit role assignments for each subgroup.
While all the roles outlined in this document are available within Figshare, not all roles may be configured within your portal. To configure a new role type, please contact the support team who will be happy to discuss your requirements and ensure that your portal is configured to meet your specific requirements.
Assigning roles
Roles in Figshare can either be assigned at a global - portal wide level, or on a per-Group basis. Roles assigned at the portal level are high powered roles that have system wide permissions. Assignment of roles on a per-Group basis allows you to grant permissions over distinct sets of users, giving you granular control over workflows and data management.
Portal wide roles can be configured on the ‘Roles’ tab of the Administrative area. Users can have more than one role and the same role can be assigned to multiple users.
Roles for Groups can be configured on the ‘Group configuration’ page. More information about configuring groups can be found in this support article. To configure Group roles, navigate to the ‘Roles’ section.
Role Types
Typically an account with the institutional administrator role will also be given the institutional reviewer role so that they have complete visibility across the repository. As another example, an account with the Group owner role might also have the Institutional Reporter role in order to access the statistics dashboard.
Institutional Administrator
This role can only be configured at the portal-wide level on the ‘Roles’ tab in the Administration area (displayed as ‘Administrator’ in the ‘Role’ dropdown). Users with this role have broad permissions over all users and data in the system.
Institutional Administrators can manage storage and data quotas for the entire system. In addition, users with this role can manage quota requests that are assigned to them.
Institutional Administrators can modify the Group hierarchy within Figshare by creating, deleting or editing groups. In addition, Institutional Administrators have the ability to manage users and user data through impersonating users, downloading user reports and, if needed, unpublishing public Items.
Institutional Administrators have access to the statistics dashboard. They also have access to a secondary stats dashboard that can optionally be made public to repository visitors. If that dashboard is kept private, institutional administrators can still access it at {OrganisationDomain}.com/stats.
Please note that Institutional Administrators do not have access to Review Workflow functionality.
Embargo Administrator
Users with the Embargo Administrator role can view Items and files that are under embargo.
This role can see the items that were created with an embargo on the whole item and files that have an Administration embargo, meaning they’re visible to embargo administrators.
Institutional Reporter
Users with the Institutional Report role have ‘view only’ rights of the Admin Area. In addition they have access to the statistics dashboard and also can see the private stats page.
Group Owner
All Groups must include one user with the Group Owner role (displayed as ‘Owner’ in the ‘Role’ dropdown). When a Group is created this role will automatically be assigned to the user that creates the Group. A Group can have only one user with the ‘Owner’ permission at a time. If an Owner role assignment is removed then another must be added.
Users with the Group Owner role can edit the Group’s details, create other Groups, and approve quota requests assigned to them by the system. Every Group Owner can impersonate the users that belong to the Group that they are the owner of.
Group Administrator
This role can be configured on a per-Group basis via the ‘Group configuration’ page (displayed as ‘Administrator’ in the ‘Role’ dropdown).
Users with the Group Administrator role can edit the Group’s details, create other Groups, and approve quota requests assigned to them by the system. Every Group Administrator can impersonate the users that belong to the Group that they are the administrator for.
Data Steward
The Data Steward role is available on request. Users with the Data Steward role cannot edit Group details but they can manage quota requests from users and projects associated with the Group where they have this role assigned.
Institutional Reviewer
This role is configured on the ‘Roles’ tab in the Admin area (displayed as ‘Reviewer’ in the ‘Role’ dropdown). Users with the Institutional Review can approve and manage review requests from every group in the institution and can assign and deassign requests from everyone. They can also edit all the metadata for Items sent to review and can assign review requests to themselves. Institutional reviewers can add comments and send emails to submitting authors, for any pending/open requests.
Group Reviewer
This role is configured on the ‘Configure group’ page (displayed as ‘Reviewer’ in the ‘Role’ dropdown). Users with the Group Reviewer role can manage review requests from users belonging to the Group and subgroups below the Group for which they have this role assigned. Group Reviewers can only assign requests to themselves. They can also edit all the metadata for the items sent to the review workflow that they have permission to view. Group reviewers can add comments and send emails to submitting authors for any of the pending/open requests visible to them.
Fellow
Users with the Fellow role are able to perform an initial triage of new review requests before assigning them to a user with the Reviewer Role. This role can only view requests assigned to them by actual reviewers. Users with the Fellow Role have permission to view files and metadata, but they cannot edit items or approve or decline requests. Fellows can post internal comments on review requests. Users with the Follow role do not receive any email notification when requests are assigned to them.
Other privileges in the repository
Outside of the defined roles, there are two other ways to provide users with access to files and metadata that is other wise restricted. Within a Figshare Project, any account from a Figshare repository or from figshare.com can be invited as either a collaborator or a viewer. A collaborator can add items to the project. A viewer can only see what others have added, whether those items are published or still drafts. Anyone, whether they have an account or not, can be given access to private metadata or files by using an expirable, private link. These can be created for any item.