[GeoNetwork-devel] privileges to access metadata history

Hi list,
3.6 introduces a concept of metadata history. I wonder if/when we need to discuss the granularity of the privileges to access this history. History typically contains author information and ‘commit’ and ‘review accepted’ messages. Some use case to identify the challenges/possibilities:

To be fully transparent in operation, it would be nice to have the record-history available for the wider audience. The record history may provide interesting insights in how the organization manages their data workflow.

Catalogs may want to exchange history as part of the harvest process.

For some records users may want to indicate a higher access level then other records, in case the data requires a higher security level or the history contains confidential information

A dataset that was previously confidential, but now is public. By opening the history the administrator should be aware that users will be able to retrieve the full history, even from periods when it was still confidential.

The functionality should provide enough options to add constraints/anonimisation to fit within the GDPR regulation.

Until we’re sure we meet the minimal conditions for exposing history publicly, I’d suggest we allow access only to editor+. And when activating the functionality, make sure the administrator is notified of the potential challenges in the scope of GDPR.

Regards, Paul.