Batch Importer (Bib/Acq) (UXPROD-47)

[UXPROD-1384] Data Import permissions - Additional Enhancements - DRAFT Created: 03/Dec/18  Updated: 28/Dec/23

Status: Draft
Project: UX Product
Components: None
Affects versions: None
Fix versions: TBD
Parent: Batch Importer (Bib/Acq)

Type: New Feature Priority: P3
Reporter: Ann-Marie Breaux (Inactive) Assignee: Ryan Taylor
Resolution: Unresolved Votes: 0
Labels: crossrmapps, data-import, post-mvp, round_iv, swag
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Defines
defines UXPROD-47 Batch Importer (Bib/Acq) Analysis Complete
Release: Not Scheduled
Epic Link: Batch Importer (Bib/Acq)
Front End Estimate: Large < 10 days
Front End Estimator: Ivan Kryzhanovskyi
Front-End Confidence factor: High
Back End Estimate: Large < 10 days
Back End Estimator: Kateryna Senchenko
Estimation Notes and Assumptions: Estimate assumes 1) no deprecation of existing permissions, 2) no breakdown by record type, 3) include automated tests
Development Team: Folijet
PO Rank: 80
Rank: Chalmers (Impl Aut 2019): R4
Rank: Chicago (MVP Sum 2020): R2
Rank: Cornell (Full Sum 2021): R2
Rank: Duke (Full Sum 2021): R1
Rank: 5Colleges (Full Jul 2021): R2
Rank: FLO (MVP Sum 2020): R4
Rank: GBV (MVP Sum 2020): R4
Rank: Grand Valley (Full Sum 2021): R4
Rank: hbz (TBD): R4
Rank: Hungary (MVP End 2020): R1
Rank: Lehigh (MVP Summer 2020): R4
Rank: Leipzig (Full TBD): R4
Rank: Leipzig (ERM Aut 2019): R5
Rank: TAMU (MVP Jan 2021): R2
Rank: U of AL (MVP Oct 2020): R5

 Description   

As of Lotus release, there are 2 User permissions for Data Import

  • Data Import: All permissions
    • Upload files
    • Assign job profiles
    • Run imports
    • View logs
  • Settings (Data import): Can view, create, edit, remove
    • All 4 profile types
    • File extensions
    • Field protections

As of Morning Glory release, there are 5 User permissions for Data Import

  • Data import: Can upload files, import, and view logs ( UIDATIMP-1143 Closed )
    • A renamed version of the previous Data import: All permissions
    • Can do anything in the Data Import app except delete job logs
  • Data import: Can delete import logs ( UIDATIMP-1144 Closed )
    • New permission in Morning Glory
    • Can only delete import logs from the DI Landing page and View all page.
    • To import, user must also have the permission above this one
  • Data import: Can view only ( UIDATIMP-1187 Closed , UIDATIMP-1174 Closed )
    • New permission in Morning Glory
    • Assign to users who need to view import job logs, but are not permitted to import via the Data Import app
    • Typical use case: User who imports directly from Inventory UI via Inventory Single Data Import, and occasionally needs to see the DI Logs to see if an import completed or errored
  • Settings (Data import): Can view, create, edit, and remove
    • An existing permission; no change since its creation
  • Settings (Data import): Can view only ( UIDATIMP-1145 Closed )
    • New permission in Morning Glory
    • Assign to users who should be able to view any DI permissions, but cannot create/edit/delete them

Assumptions:

  • Keep existing broad permissions (so that we do not have to deprecate permissions, and so that tenants are not forced to update permissions for DI users)
  • Add new, narrower permissions for users that need to be restricted in some way

No further work on DI permissions is currently planned.

Possible additional future permissions

  • Be able to import only certain file types (MARC Bibs, MARC Holdings, MARC Authorities, EDIFACT Invoices)
  • Settings (Data import): Can view, create, edit, delete Data import profiles (not yet prioritized by the community)
  • Settings (Data import): Can view, create, edit, delete Data import file extensions and field protections (not yet prioritized by the community)
  • Permission breakdown by import action (consider a separate permission for delete action in the future)
  • Separate permissions for preview, but not commit (run) - will be added when the Preview function is developed
  • Changes to Inventory Single Record Import permissions - those are managed by the Inventory PO currently

UI

  • UI names of permissions
  • E-to-E scenarios

BE

  • Scope of new permissions
  • Karate


 Comments   
Comment by Nick Cappadona [ 12/Aug/20 ]

I know permissions have not been a focus just yet but I wanted to share some of our experiences at Cornell. This is in follow up to a thread in the #data-import-batchload channel and the recently merged PR for ui-data-import.

Here are the steps taken on snapshot-load earlier today to test ui-data-import#650:

  1. Create new di_test user account
  2. Add Settings (data-import): display list of settings pages permission to di_test user
  3. Sign in as di_test & navigate to Settings > Data Import > Job Profiles
  4. Click Actions > New Job Profile
  5. Enter values for Name & Accepted data type
  6. Click Save as profile & Close

This resulted in an error and I was only able to successfully create a Job Profile after adding the Inventory: All permissions permission to the di_test user.

Unable to render embedded object: File (Screen Shot 2020-08-12 at 9.01.18 AM.png) not found.

Based on our (incorrect?) understanding of the permissions documentation in stripes-core, a user with the settings.data-import.enabled permission should be allowed to use the entire feature set or functionality presented under Data Import within the settings app.

Similarly, based on the documentation, there is an expectation that a user with the module.data-import.enabled permission should be allowed to use all the features of the Data Import app, which is currently not the case.

Comment by Ann-Marie Breaux (Inactive) [ 13/Aug/20 ]

Good comments, Nick Cappadona I expect we'll run into something similar once we start working with invoices and orders, such that the user importing acq data will need permissions in the order and invoice apps, and maybe permissions in the finance, receiving, and organizations apps. Definitely something to keep in mind.

Comment by Jacquie Samples [ 08/Dec/20 ]

Thanks for explaining the permissions situation Nick Cappadona. We will want to have separate permissions for people creating profiles from scratch, people using existing profiles to "clone" new ones, and for people needing to edit existing profiles. Then, permissions for those allowed to use the Data Import profiles. I am not clear where we are with permissions, but at Duke, we prefer them to be as granular as possible as staff across our institution have differing expertness around the Data Import CRUD functions. That is, some people just need to be able to import records/data which touches on Ann-Marie's Ann-Marie Breaux reflection on Order and Invoice apps, and other acquisitions-related app permissions.

Comment by Ann-Marie Breaux (Inactive) [ 08/Dec/20 ]

Hi Jacquie SamplesI attached a draft of the permissions we're planning for data import. Right now, there's only 2 permissions - 1 that allows the user to do anything with the Data Import app, and 1 that allows the user to do anything with the Data Import settings. We are cleaning up the UI names for those 2 permissions in Iris ( UIDATIMP-781 Closed ). We'll get to the more granular permissions noted in the spreadsheet once we complete higher priority work

Comment by Nick Cappadona [ 08/Dec/20 ]

Jacquie Samples – No worries

Ann-Marie Breaux – Thanks for sharing the draft permissions and for the heads up that the cleaned up and simplified data-import app/settings split will be ready for Iris via UIDATIMP-781 Closed .

Comment by Ann-Marie Breaux (Inactive) [ 10/Dec/20 ]

Updated the attached spreadsheet to include Anne H's findings about importing versus settings permissions

Comment by Ann-Marie Breaux (Inactive) [ 09/Feb/22 ]

Reviewed and confirmed estimates in Lotus planning Ivan Kryzhanovskyi Kateryna Senchenko; review and increase confidence after SME mtg

Comment by Ann-Marie Breaux (Inactive) [ 11/Feb/22 ]

Jacquie Samples and Nick Cappadona We may be doing some work on permissions in the Morning Glory release. I have completely rewritten the description. Please review and let me know what you think.

Jacquie, I know that you said much granularity, but per comments from leeda.adkins@duke.edu at the DI Subgroup meeting, it seems like having the options detailed in the In scope section of the description will suffice for now. If we need to get more granular in the future, and use cases are identified, then we can.

Comment by Ann-Marie Breaux (Inactive) [ 11/Feb/22 ]

Kateryna Senchenko and Ivan Kryzhanovskyi I haven't built the stories yet, but see the In scope section of the description. Are you still comfortable with the BE/FE T-shirt sizes?

Comment by Kateryna Senchenko [ 11/Feb/22 ]

Hi Ann-Marie Breaux, existing Karate and e-2-e tests will probably need to be updated, some additional tests (for negative scenarios, for example denying ability to delete logs if user lacks necessary permissions) should be added. I'd increase BE estimate to account for additional testing work. Thank you!

Comment by Jenn Colt [ 25/Feb/22 ]

In the current Cornell tenant assigning: Data Import: All permissions  does not allow people to assign job profiles to jobs, therefore we are having to give everyone DI settings permissions which we don't want to do. Commenting on this here since this issue assumes the current permissions work properly, which I don't think they do.

Comment by Ann-Marie Breaux (Inactive) [ 06/Jun/22 ]

Hi Jenn Colt In Morning Glory, there's 3 changes that will help (I think)

  1. A user with the base Data Import permission will be able to assign job profiles without a settings permission
  2. There's a new view-only permission for settings (for users who need to see all the details of settings, but not create/edit/delete them)
  3. There's a new view-only permission for Data Import (for users who need to see jobs or logs, but not import via the DI landing page)

All of these are available on Snapshot now, if you would like to test them

Generated at Fri Feb 09 00:15:09 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.