|
Background:
- Requirement is to enable permission control over specific fields on the user record (and other record types that need it).
- Original plan was to have two levels of fields: basic and restricted. We would then offer a "basic" and "all" version of each user permission. For example: "Users: Can view user profile (basic fields)", "Users: Can view user profile (all fields)", "Users: Can edit user profile (basic fields), Users: Can edit user profile (all fields)" etc.
- For the initial version, we might set which field were basic vs restricted on a system level. Future iterations might include tenant-level configuration.
- So far, the only user field that SMEs have identified as needing to be permission-controlled is Address (for privacy reasons). And, actually, we need to be able to make just certain types of addresses restricted (addresses have a "type" which are defined by the library in Settings). Given we only had one use case, we had held off on implementing this feature.
- We need to determine whether we should continue with the originally planned approach or if there is a simpler way to handle control of just the Address field (maybe when you are CRUDing address types, you can flag them as sensitive?)
There was a user story drafted for the original approach and it waits in the backlog on hold and in draft state:
UIU-10
Draft
|