[FOLIO-763] Top-to-bottom understanding of permissions Created: 08/Aug/17  Updated: 12/Nov/18  Resolved: 06/Sep/17

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task Priority: P2
Reporter: Mike Taylor Assignee: Mike Taylor
Resolution: Done Votes: 0
Labels: demo23, sprint20, sprint21, sprint22
Remaining Estimate: Not Specified
Time Spent: 3 days, 15 minutes
Original estimate: Not Specified

Issue links:
Blocks
blocks UIU-130 Permission Set for Patron Group CRUD Closed
blocks UICIRC-21 Permission Set for Loan Policy CRUD Closed
blocks UIIT-38 Permission Set for Loan Type CRUD Closed
blocks UIIT-39 Permission Set for Material Type CRUD Closed
Relates
relates to STRIPES-468 We need permissions for each module's... Closed
relates to STRIPES-469 Add permission-guards for each settin... Closed
Sprint:

 Description   

Email to Jakub:

I think permissions have now become a complex enough issue that we need to anoint one person – not me – to be the Permissions Tsar, understanding the system top to bottom. That person will understand what Cate and the SIGs are trying to achieve, what facilities are provided by the back-end, what our permission-naming conventions are, how we aggregate low-level permissions, what kinds of permission-sets are defined by back-end modules and what kinds in UI modules, etc. There is too much of this, and it threads through too much of the whole system, for all of us to try to understand it for our own application areas.

His response:

WRT to Permissions Tsar, I don't think it is a scalable approach in the 2 teams of 20 developers and 3 external partners with their own teams. Permissions are an essential aspect of the FOLIO Platform, they permeate both the backend and the frontend and you can hardly implement any functionality without understanding how to use the model.

Instead, let's discuss what can/should be done to make information about the model more accessible. More conceptual information in one place? Examples? I suspect the existing documentation is mixing the implementation details (critical to the core team members working on Okapi and mod-authtoken/login/etc) with explanation on how to consume and define permissions, and this can be remedied.

We'll talk this through in more detail and figure out how to get a better grip on the many interlocking problems of permissions.



 Comments   
Comment by Jakub Skoczen [ 10/Aug/17 ]

Mike Taylor what do you expect from this issue?

Comment by Mike Taylor [ 10/Aug/17 ]

A document that (A) I can use in resolving the four issues that this blocks, and (B) others can use in similar situations. Permissions in FOLIO have got very complicated, and there is no one place to learn about all the ways that complexity manifests.

Comment by Mike Taylor [ 11/Aug/17 ]

The very start of this document is at https://github.com/folio-org/stripes-core/blob/master/doc/permissions.md

Comment by Jakub Skoczen [ 14/Aug/17 ]

FOLIO Permission model on wiki: https://folio-org.atlassian.net/wiki/display/PLATFORM/FOLIO+permission+model

Comment by Charlotte Whitt [ 14/Aug/17 ]

FOLIO Permission structure in Filip's UX prototype http://ux.folio.org/prototype/en/users/user-permissions

Comment by Mike Taylor [ 01/Sep/17 ]

I think we're very nearly there now. I created and eventually resolved a ton of issue related to permissions. I do have a bit more writing up left to do, summarising the right way to use the system that has emerged. But that can wait for next week.

Comment by Mike Taylor [ 06/Sep/17 ]

The wretched document is finally done – having been delayed by a ton of implementation work:
https://github.com/folio-org/stripes-core/blob/master/doc/permissions.md

Comment by Mike Taylor [ 05/Oct/17 ]

Why did we add this into sprint23? I closed it some time ago.

Comment by Cate Boerema (Inactive) [ 05/Oct/17 ]

I just added the "demo23" label because I thought you might want to show this document during the demo. However, it doesn't look like you've got anything else for Tuesday's demo. Not sure if it's really worth having you jump on to show this document alone. Thoughts?

Comment by Mike Taylor [ 05/Oct/17 ]

Oh, stupid me! You added it to demo 23, not sprint 23!

OK, forget I said anything

But I agree, I don't have much reason to be on that demo. Someone else can certainly present the link to that document.

Generated at Thu Feb 08 23:08:09 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.