Current situation or problem: Right now, if someone has access to FQM (or Lists), they have access to everything exposed by those modules. This feature locks those modules down somewhat by adding a separate permission for each entity/record type, so that users can be given more targeted permissions.
In scope
- A content permission (one per entity-type) enables access to lists of that entity-type
- Lack of the content permission prevents access to lists of that entity-type
- Users will be required to have content permission(s) + lists app permission(s) [these permissions already exist] to use the Lists app
- Limit entity types when creating a list based on content permissions
  - Record type dropdown limited by permissions
  - Error/messaging if you don't have permissions for any entity-type
- On the lists landing page, limit viewing of lists based on content permissions
- On the lists landing page, limit filtering of entity types based on content permissions
- Provide an appropriate error message/warning when provided a direct link to a list the user doesn't have access to
Out of scope
- Permissions per field within an entity-type
- Unique pairing of lists app permission(s) with content permission(s)
  - A single user can't be provided 'view' access for the 'items' entity-type and 'edit' access for the 'loans' entity type.
Use case(s)
- Scenario: Content permission enables access per entity type
  Given a content permission is available per entity type
  When a user has the content permission for an entity type enabled
  Then the user can access content* in the Lists app for that entity type
- Scenario: Lack of content permission prevents access per entity type
  Given a content permission is available per entity type
  When a user does NOT have the content permission for an entity type
  Then the user CAN NOT access content* in the Lists app for that entity type
- Example 1: User A has admin permissions for the Lists app (and can view, create, edit, delete and export in the Lists app). User A also has the content permission enabled for the 'Users' and 'Items' entity types. User A can only view, create, edit, delete and export lists for the 'Users' and 'Items' entity types; access to 'Loans,' 'Purchase order lines' or other entity types is prevented.
- Example 2: User B has viewing permissions for the Lists app. User B has content permissions for the 'Loans' entity type. User B can only view lists of the 'Loans' entity-type - access to any other entity types is prevented.
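The access rule from the scenarios and Examples 1 and 2 above, modelled as an added example (not FOLIO or Lists app code). ListsUser, can and the other function names are hypothetical, the sample lists are constructed, and returning one uniform error for direct links is an assumption made here.

```python
# Added example: hypothetical names, not FOLIO code or real permission names.
# Action names and entity types are the ones used in the page's examples.
from dataclasses import dataclass

ENTITY_TYPES = ["Users", "Items", "Loans", "Purchase order lines"]

@dataclass(frozen=True)
class ListsUser:
    app_actions: frozenset    # Lists app permissions: view/create/edit/delete/export
    content_types: frozenset  # entity types whose content permission is enabled

def can(user, action, entity_type):
    """Both permissions are required; actions are not paired with entity types."""
    return action in user.app_actions and entity_type in user.content_types

def creatable_entity_types(user):
    """Record type dropdown when creating a list; empty means show the error."""
    return [t for t in ENTITY_TYPES if can(user, "create", t)]

def visible_lists(user, lists):
    """Landing page: hide lists of entity types the user has no content permission for."""
    return [entry for entry in lists if can(user, "view", entry["entity_type"])]

def open_list(user, lists, list_id):
    """Direct link: checked server-side, not just hidden in the UI.
    Assumption: 'missing' and 'forbidden' get the same message."""
    found = next((entry for entry in lists if entry["id"] == list_id), None)
    if found is None or not can(user, "view", found["entity_type"]):
        raise PermissionError("You do not have access to this list.")
    return found

# Constructed sample data
LISTS = [
    {"id": 1, "name": "Inactive patrons", "entity_type": "Users"},
    {"id": 2, "name": "Missing items", "entity_type": "Items"},
    {"id": 3, "name": "Overdue loans", "entity_type": "Loans"},
]
USER_A = ListsUser(frozenset({"view", "create", "edit", "delete", "export"}),
                   frozenset({"Users", "Items"}))  # Example 1
USER_B = ListsUser(frozenset({"view"}), frozenset({"Loans"}))  # Example 2

if __name__ == "__main__":
    print([entry["name"] for entry in visible_lists(USER_A, LISTS)])
    print(creatable_entity_types(USER_B))
```

Because effective access is the product of app actions and content entity types, the out-of-scope case (view on one entity type, edit on another) cannot be expressed in this model.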
Proposed solution/stories
Links to additional info
Questions