Library Roles and Permissions


This document outlines the proposed roles and permissions structure for managing libraries within the system. It serves as a working draft to define user access levels and the actions they can perform. Changes and refinements may be made as requirements evolve.

Permissions

Create Library

Action: create_library
Resource Type: organization
Description: Grants the ability to create a new library in the system, with the creator automatically receiving admin rights over the library.

Edit Library Content

Action: edit_library_content
Resource Type: library
Description:

  • Create content (components or units)

  • Edit content in draft mode.

  • Edit Library Name

  • Delete content

  • This doesn’t include collections.

Manage Library Tags

Action: manage_library_tags
Resource Type: library
Description:

  • Add tags to content.

  • Remove a tag from content.

Manage Taxonomies

Action: manage_taxonomies
Resource Type: organization
Description:

  • Create a taxonomy

  • Delete a taxonomy

  • Create tags in a taxonomy

  • Delete a tag from a taxonomy

Delete Library

Action: delete_library
Resource Type: library
Description: Grants permission to permanently delete a library and all its contents.

Import Content from Course

Action: import_content
Resource Type: library
Description: Grants permission to import content from an existing course into a library.

View Library

Action: view_library
Resource Type: library
Description:

  • Search for content in a library.

  • View content in a library.

  • Filter content in a library.

  • Sort content in a library.

  • Filter content by tag

  • View content in a collection.

  • View the list of collections.

Publish Library

Action: publish_library
Resource Type: library
Description:

  • Publish a library

  • Change the library from draft mode to published.

Publish Library Content

Action: publish_library_content
Resource Type: library
Description:

  • Publish content, making it available for reuse.

  • Change content from draft mode to published.

  • Publish the whole library.

Manage Library Team

Action: manage_library_team
Resource Type: library
Description:

  • Add and remove users from a library.

  • Assign roles to users within a library.

  • Allow public read for a library

View Library Team

Action: view_library_team
Resource Type: library
Description: Grants permission to view the list of users who have access to the library.

Reuse Library Content

Action: reuse_library_content
Resource Type: library
Description: Allows published content from a library to be used inside a course.

Create Library Collection

Action: create_library_collection
Resource Type: library
Description: Create new collections within a library.

Edit Library Collections

Action: edit_library_collection
Resource Type: library
Description:

  • Add content to existing collections.

  • Remove content from existing collections.

Delete Library Collections

Action: delete_library_collection
Resource Type: library
Description: Delete entire collections from a library.


Roles

Library Creator

Description: Organization scoped. Allows users to create libraries. When a library is created, the creator is automatically assigned Library Admin on that library.
Ulmo MVP: This role is not grantable in the new interface. Granting remains tied to the existing Studio course creation logic. We will define the Library Creator role and the create_library permission in RBAC, and the UI will show the Create Library button only if the user holds that permission. When we add multi library administration, we will add a flow in the RBAC panel to grant this role, decoupling it from the legacy logic.

Permissions:

  • Create Library

  • Manage Taxonomies

Library Admin

Description: The Library Admin has full control over the library, including managing users, modifying content, and handling publishing workflows. They ensure content is properly maintained and accessible as needed.

Permissions:

  • Edit Library

  • Delete Library

  • Publish Library

  • Publish Content

  • Manage Library Tags

  • Manage Library Team

  • View Library Team

  • View Library

  • Reuse Library Content

  • Create Collection

  • Edit Collection

  • Delete Collection


Library Author

Description: The Library Author is responsible for creating, editing, and publishing content within a library. They can manage tags and collections but cannot delete libraries or manage users.

Permissions:

  • View Library Team

  • Edit Library

  • Manage Tags

  • Publish Content

  • View Library

  • Reuse Library Content

  • Create Collection

  • Edit Collection

  • Delete Collection


Library Contributor

Description: The Library Contributor can create and edit content within a library but cannot publish it. They support the authoring process while leaving final publishing to Authors or Admins.

Permissions:

  • Edit Library

  • Manage Tags

  • View Library

  • Reuse Library Content

  • View Library Team

  • Import Content from Course

  • Create Collection

  • Edit Collection

  • Delete Collection


Library User

Description: The Library User can view and reuse content but cannot edit or delete anything.

Permissions:

  • View Library Team

  • View Library

  • Reuse Library Content

Table of Roles and Permissions

Roles related to a library:

| Area | Library Admin | Library Author | Library Contributor | Library User |
|---|---|---|---|---|
| Library | view_library | view_library | view_library | view_library |
| Library | manage_library_tags | manage_library_tags | manage_library_tags | x |
| Library | delete_library | x | x | x |
| Content | edit_library_content | edit_library_content | edit_library_content | x |
| Content | publish_library_content | publish_library_content | x | x |
| Content | reuse_library_content | reuse_library_content | reuse_library_content | reuse_library_content |
| Team | view_library_team | view_library_team | view_library_team | view_library_team |
| Team | manage_library_team | x | x | x |
| Collections | create_library_collection | create_library_collection | create_library_collection | x |
| Collections | edit_library_collection | edit_library_collection | edit_library_collection | x |
| Collections | delete_library_collection | delete_library_collection | delete_library_collection | x |

Global role:

| Area | Library Creator |
|---|---|
| Library | create_library |

Permission Inheritance

For the policy, we have permission inheritance (edit_library implies view_library). This will serve as our guide for permission inheritance.

Example with the notation: g2, edit_library, view_library means edit_library implies view_library.

# Library
g2, manage_library_tags, edit_library_content
g2, delete_library, edit_library_content

# Content
g2, publish_library_content, edit_library_content
g2, edit_library_content, view_library
g2, reuse_library_content, view_library
g2, publish_library_content, view_library

# Team
g2, manage_library_team, view_library_team

# Collections
g2, delete_library_collection, edit_library_collection
g2, create_library_collection, edit_library_collection
g2, edit_library_collection, view_library
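The inheritance rules are transitive, so what a grant really allows is the closure over all g2 lines. The following added example (not code from this document or the project) resolves that closure and reports any permission a role would gain only through inheritance; the rules and role grants are copied from the page, while the function names are hypothetical.

```python
# Added example (not project code): resolve the page's g2 rules transitively.
POLICY = """
# Library
g2, manage_library_tags, edit_library_content
g2, delete_library, edit_library_content
# Content
g2, publish_library_content, edit_library_content
g2, edit_library_content, view_library
g2, reuse_library_content, view_library
g2, publish_library_content, view_library
# Team
g2, manage_library_team, view_library_team
# Collections
g2, delete_library_collection, edit_library_collection
g2, create_library_collection, edit_library_collection
g2, edit_library_collection, view_library
"""
# Explicit grants per role, copied from the page's roles/permissions table.
COLLECTIONS = {"create_library_collection", "edit_library_collection",
               "delete_library_collection"}
USER = {"view_library", "reuse_library_content", "view_library_team"}
CONTRIBUTOR = USER | COLLECTIONS | {"manage_library_tags", "edit_library_content"}
AUTHOR = CONTRIBUTOR | {"publish_library_content"}
ADMIN = AUTHOR | {"delete_library", "manage_library_team"}
ROLES = {"Library Admin": ADMIN, "Library Author": AUTHOR,
         "Library Contributor": CONTRIBUTOR, "Library User": USER}

def parse_g2(text):
    """Return {permission: set of permissions it directly implies}."""
    implies = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) == 3 and parts[0] == "g2":  # skips comments and blanks
            implies.setdefault(parts[1], set()).add(parts[2])
    return implies

def effective(granted, implies):
    """Explicit grants plus everything reachable through g2 implications."""
    seen, stack = set(granted), list(granted)
    while stack:
        for nxt in implies.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def implicit_grants(roles, implies):
    """Permissions a role gains only through inheritance (not in the table)."""
    return {role: effective(g, implies) - g for role, g in roles.items()}

IMPLIES = parse_g2(POLICY)
```

With the rules as listed, `implicit_grants(ROLES, IMPLIES)` is empty for all four roles, while a grant of `manage_library_tags` on its own resolves to `edit_library_content` and `view_library` as well.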