Overview
Roles and Permissions is one facet of the management of system access. A system administrator creates roles from a selection of permissions at one of four levels: no access, read, write, and delete. Roles are assigned to users, whose actions in the system are then limited.
Roles and Permission Enforcement Workflows
For additional background, see: Roles and Permissions Discussion I, Roles and Permissions Discussion II and Roles and Permissions Discussion III
Must Have for Release 1.1
Both of these must be accommodated because a user might be accessing the data via the App layer but not through the UI.
Green-Level Enforcement at the Procedural Level
- Procedures for which the user has no access do not appear in search or create new
- Procedures for which the user has read access are accessible in a view-only mode
Red-Level Enforcement at the Procedural Level
Provide enforcement at the red-level in pages 1-3 of the attached roles and permissions workflow document: the user is warned when attempting to create a new procedural record, view a procedural record, or edit a procedural record.
Nice to Have for Release 1.1
Green-Level Enforcement for Relationships
- User must have write permission to both procedures to create a relationship between them
Out of Scope for Release 1.1
- Red-level enforcement for Vocabularies/Authorities
- Green-level enforcement for Vocabularies/Authorities
- Red-level enforcement for Administration
- Green-level enforcement for Administration
- Red-level enforcement for Relationships
- Green-level enforcement for Relationships
- Permissions at the field or group-of-fields level
- Permissions at the object or group-of-objects level