[UXPROD-4681] Create a permission to limit access to aspects of user data. Created: 02/Feb/24  Updated: 05/Feb/24

Status: Open
Project: UX Product
Components: None
Affects versions: None
Fix versions: None

Type: New Feature Priority: TBD
Reporter: Thomas Trutt Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: permissions, usermanagement
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Development Team: None
PO Rank: 0
RCA Group: TBD

 Description   

Current situation or problem:

As a system administrator i require the ability to restrict access to specific fields in the user record so they are not visible to general users. 

In scope

Adding a permission that restricts hides the address field on a user record. Only system users with the permission applied would be allowed to view the information in those fields.

 

Preferred solution:

  • Provide a one - three user permissions allowing you a create view levels to user information.
  • Provide a user interface that would allow you to select what fields should be hidden form standard users.
  • Provide a user interface that would allow you to select what fields should be displayed to the each of the above permission levels.
    • The interface should allow you to show all addresses, or just specific address types. The same pattern would be used for custom data. 
  • All api external api calls would also remove all fields that the use does not have permissions to see.
  • When editing a user the "hidden" fields would not be displayed nor would they be changed if a user did not have the required permission.
    • Example: User A does not have permissions to view home addresses. User A opens user B's record and updates their local address. While editing the record user A can not see nor knows if user B has a home address. When the record is saved the Home address information remains intact.
    • Example 2: User A does not have permissions to view home addresses. User A opens user B's record to add a home address to their account. User A can not add a home address as it is not listed as an option in the Address type dropdown.

 

Short term solution:

  • Hide address information by default; no matter what the address type.
  • Provide a single permission that makes address information visible. 

 

Considerations:

  • Exports via the UI should abide by all permissions added.
  • Bulk edit should be aware of any restrictions and not allow the viewing of or changing of restricted patron information.
  • The lists app should be aware of any restrictions and not display any restricted information.
  • Emails and automated communications should have unrestricted access to user information. 
  • Print notices, pull slips, ui side reports should all honor user data restrictions. 

 

Interested parties:

Cornell


Generated at Fri Feb 09 00:41:44 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.