I have the following situation in our facility and thinking about the right conception:
Employee changes the working group X and works now for working group Y.
As a member of working group Y the employee should only have read-only access of the data created for working group X. How can I map this in the OMERO permission system?
I have thought of following three possibilities:
- employee is no longer member of the omero group X in OMERO
pro: employee has no access to the data in the omero group X owned by the employee as far as I understand
con: filter view (by owner) no longer possible in group X for this data (except by searching for the employee name)
con: add employee as a coop-partner to the group X reactivate access
- employee get a new account in OMERO (former account is inactive)
pro: employeer has no longer full permissions to former created data
con: multiple accounts in OMERO with similar names can lead to misunderstandings
- change ownership of the data (for example to PI) and save creator of the data as key-value
con: not really a “clean” solution, i think
I find the 3 possibilities not really satisfying. I would be happy to discuss further ideas or misconception!