Allow users to grant organizations permissions granularly
Currently when an ORCID member organization requests permission to access an individual's ORCID record, the user can only authorize all permissions for the long term, for a single instance, or not at all. A user also has the ability to revoke granted permissions from their personal account settings.
It would be great if users could instead grant permissions granularly, e.g. with checkboxes or sliders. Users could authorize the organization to read their ORCID iD and trusted party-visible data on their ORCID records, but not grant access to update their biographical or activities sections of their ORCID records.
In addition, it would be useful to have a panel to set defaults for new links to trusted orgs., e.g. always allow contact info to be seen, never allow activity to be edited, etc.
Thanks for your suggestion to improve the ORCID Registry. We are going to put the idea under review by our team.
Regarding granular permissions: It would be great if you could provide additional suggestions on how this might work, or examples of similar practice by other systems.
Regarding panel to set defaults: This may be better for a new iDea. If this were implemented, it would likely be less granular than proposed as there are now only two permission scopes for an organization to add or edit data on ORCID records: /person/update (add/edit biographical details) and /activities/update (add/edit activities e.g. affiliations, funding, works, peer review). In addition, reading data on the ORCID record has record-wide permissions: /read-public or /read-limited.
ORCID Community Team
I fully support the suggestion by Hao Ye. I do trust a number of reputable publishers to add or edit information on my publications, but I certainly do not wish them to edit my biographical data or information about funding, etc. I hope it would be very straightforward to give an option for choosing different rights of access and editing to any item, which is already recognised by ORCID. For example, when an interactive window is open for a user to approve access by a trusted organisation there could be a list of available items with different rights of access to each such as read, edit, and add that could be implemented as radio buttons, boxes, sliders or whatever else. This would work in the same way as file permissions in UNIX. At a slightly more sophisticated level, trusted publishers would have access only to their own publications, and trusted funding organisations only to their own grants, etc.