Marc Johnson to Everyone 11:10 AM
How are patron groups used for authorisation? It is my understanding that isn’t what they are used for Maccabee Levine to Everyone 11:13 AM
"Roles" to me sounds like the existing "Permission Sets". I assume the next slides will explain the diff Marc Johnson to Everyone 11:21 AM
IIRC one of the reasons that FOLIO does not have canned roles out of the box is that each organisation models their roles differently And thus canned roles would only add noise Marc Johnson to Everyone 11:32 AM
I don’t think I understand, because granting back end capabilities is NOT the same as granting capabilities in the front end 😕 Jenn Colt to Everyone 11:35 AM
Capabilities are equivalent to “hidden permissions”? Maccabee Levine 11:36 AM
And we are now un-hiding them? This has major functional implications. Big increase in complexity. Jenn Colt 11:37 AM
I see the appeal of making them clearer when you need to see them. I’m not really getting the language/modeling change. Maccabee Levine 11:38 AM
"When you need to see them" I think is the functional question. As Marc just said the granularity of these backend permissions (currently hidden) is much greater than FE. Jenn Colt 11:39 AM
Right. When we have set up integrations we have messed with them. Also when dev forget to put them in their UI sets… Marc Johnson 11:40 AM
If roles are made in the UI, these capabilities would need to be un-hidden Marc Johnson to Everyone 11:47 AM
What is an example of a role? My classical understanding of a role is something like “circulation desk staff”. However the impression I’m getting here is that a role would be more like “can edit instances” or “can check out an item”. Jenn Colt to Everyone 11:48 AM
Right I’m still not getting why this isn’t just a best practice recommendation + addition of perm set to the user facets UI. Why. Can’t policy be an add on to the existing system You to Everyone 11:48 AM
I think a role generally would align with things like circulation librarian, acquisitions manager, etc. Marc Johnson 11:50 AM
That doesn’t fit with how I interpreted Vince’s explanation of them You to Everyone 11:50 AM
Vince mentioned that he thinks there's still a need for visible and invisible capabilities You to Everyone 11:51 AM
In my mind, it would be possible, if desired to see invisible capabilities in the UI, but they'd be hidden by default. Much like we have with permissions in the UI today. You to Everyone 11:50 AM
Marc I think what you're missing is the capabilities are defined by backend modules. These are typically not visible in the UI. There will need to be something else (e.g. capabilitySet) which is a grouping of those which would generally be visible in the UI. Marc Johnson 11:52 AM
Vince just demonstrated a UI for exposing capabilities to a user via the UI Which means that doesn’t fit with how I interpreted Vince’s model. And the proposed model doesn’t have capability sets. Which is what I interpreted Vince as describing as roles. It seems you have a very different model of this than what is described in this deck / presentation You 11:53 AM
We've been discussing the topic, but details haven't been sorted out yet (hence the presentation not mentioning capabilitySets) Marc Johnson 11:54 AM
Sure. That makes it confusing for folks like me when you and others are operating on a different understanding of the model than what is being presented Maccabee Levine to Everyone 11:54 AM
Vince, do the backend and frontend modules still check for *permissions* before doing X operation, or do they ever check for capabilities? Marc Johnson 11:55 AM
If this is an optional layer on top of what we already have, then the system would still have to depend upon permissions Maccabee Levine 11:55 AM
I agree, just want to confirm with Vince -- I'm not missing another "next level" idea |