[UXPROD-3915] Support limiting applicable permissions by geolocation (geofencing) Created: 07/Dec/22  Updated: 30/Nov/23

Status: Draft
Project: UX Product
Components: None
Affects versions: None
Fix versions: None

Type: New Feature Priority: TBD
Reporter: Brooks Travis Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: back-end, front-end, okapi, permission_set, permissions, security, security-reviewed, stripes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Cloners
clones UXPROD-3914 Support limiting selection of service... Draft
is cloned by UXPROD-3916 Support limiting acquisition unit ("t... Draft
Potential Workaround: Multiple user accounts for each operator based on service point access
Development Team: None
PO Rank: 0
Rank: Cornell (Full Sum 2021): R5

 Description   

Current situation or problem:

FOLIO currently supports assigning permissions to users. Users may then perform any operation for which they have permission from anywhere. However, it is desirable to be able to limit certain operations to a particular geolocation, determined by some geolocation mechanism (eg. IP address, device location/GPS, installed browser certificate, SAML assertion, etc.)

In scope

  • A mechanism to configure geofences for permissions (incl. permission sets)
  • A mechanism to determine the geolocation of a FOLIO user during permission resolution
  • Only resolve permissions without geolocation restriction or that are restricted to the current geolocation

Out of scope

  • Anything to do with limiting service points by geolocation
  • Anything to do with limiting "acquisition units" or "teams" by geolocation

Use case(s)

Proposed solution/stories

Links to additional info

Questions



 Comments   
Comment by Craig McNally [ 08/Dec/22 ]

Brooks Travis This appeared in the security team's board since it has the security tag. If you'd like us to weigh-in on this or provide guidance let us know.

Generated at Fri Feb 09 00:35:48 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.