Roles and Permissions Requirements - Release 1.1

Owned by Megan Forbes
Last updated: Oct 27, 2010 by Penelope Madry (Unlicensed)Version comment

Overview

Roles and Permissions is one facet of the management of system access. A system administrator creates roles from a selection of permissions at one of four levels: no access, read, write, and delete. Roles are assigned to users, whose actions in the system are then limited.

Roles and Permission Enforcement Workflows

For additional background, see: Roles and Permissions Discussion I, Roles and Permissions Discussion II and Roles and Permissions Discussion III

Must Have for Release 1.1

Both of these must be accommodated because a user might be accessing the data via the App layer but not through the UI.

Green-Level Enforcement at the Procedural Level

  • Procedures for which the user has no access do not appear in search or create new
  • Procedures for which the user has read access are accessible in a view-only mode

Red-Level Enforcement at the Procedural Level

Provide enforcement at the red-level in pages 1-3 of the attached roles and permissions workflow document: the user is warned when attempting to create a new procedural record, view a procedural record, or edit a procedural record.

Nice to Have for Release 1.1

Green-Level Enforcement for Relationships

  • User must have write permission to both procedures to create a relationship between them

Out of Scope for Release 1.1

  • Red-level enforcement for Vocabularies/Authorities
  • Green-level enforcement for Vocabularies/Authorities
  • Red-level enforcement for Administration
  • Green-level enforcement for Administration
  • Red-level enforcement for Relationships
  • Green-level enforcement for Relationships
  • Permissions at the field or group-of-fields level
  • Permissions at the object or group-of-objects level