Table of Contents |
---|
Introduction
FOLIO offers an integrated permissions system that is configurable and very granular.
Each app provides its own permissions that are defined in the app's front-end and back-end modules.
FOLIO users can also build their own permission sets (groups of permissions) and assign those permission sets to FOLIO users. This can be very helpful in setting up individual system roles configured to individual library needs.
Naming Conventions
Permissions are named to indicate what a FOLIO user with the permission can do within the app.
Permissions are named in the following format:
- [Appname]: [What the user can do]
- Settings ([Appname]): [What the user can do]
Examples of permissions (current to Honeysuckle - Q32020):
Tip | ||
---|---|---|
| ||
If a permission is not named following the standard naming convention, the most likely reason is that that permission is currently being worked on / developed by the developer team for that app. FOLIO product owners work with developers to request specific permissions be added to the code, and also to ensure the permissions are eventually named correctly. |
Permission example (screenshot) | What this permission does |
---|---|
| |
|
How to find permission information in a FOLIO module
It can be helpful, if you are not sure what a permission doesis intended to do, to examine information about the permission in the associated code in the FOLIO github repository.
How to find this information can vary by module, but general guidelines are as follows:
- For a UI module (named starting with UI-), look for a file called package.json , md.json, module-descriptor.json, or module-descriptor-template.json in the repository.in the repository.
- Example: the permissions for the ui-inventory module are at the top level of the module in a file called package.json
- Example: the permissions for the ui-finance module are at the top level of the module in a file called package.json
- For a backend module (generally starting with MOD-), look for a file called module-descriptor.json or module-descriptor-template.json in the repository.moduledescriptor.json or ModuleDescriptor-template.json in the repository.
- Example: the permissions for the mod-circulation-storage module are in the descriptors folder in a file called ModuleDescriptor-template.json
- Example: the permissions for the mod-source-record-storage module are in the descriptors folder in a file called ModuleDescriptor-template.json
Permissions are usually defined towards the bottom of the descriptor file. Here are some examples of what a permission definition looks like.
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
{ "permissionName": "customreports.item.put", "displayName": "custom reports item get", "description": "Edit an custom report" } |
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
{ "permissionName": "eusage.all", "displayName": "eusage all", "description": "All permissions for the mod-erm-usage module. An admin should get all permission, e.g. to edit aggregators.", "subPermissions": [ "usagedataproviders.collection.get", "usagedataproviders.item.get", "usagedataproviders.item.post", "usagedataproviders.item.put", "usagedataproviders.item.delete", "aggregatorsettings.collection.get", "aggregatorsettings.item.get", "aggregatorsettings.item.post", "aggregatorsettings.item.put", "aggregatorsettings.item.delete", "counterreports.collection.get", "counterreports.item.get", "counterreports.item.post", "counterreports.item.put", "counterreports.item.delete", "customreports.collection.get", "customreports.item.get", "customreports.item.post", "customreports.item.put", "customreports.item.delete", "erm-usage.files.item.get", "erm-usage.files.item.post", "erm-usage.files.item.delete" ] } |
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
{ "permissionName": "ui-inventory.settings.loantypes", "displayName": "Settings (Inventory): Create, edit, delete loan types", "subPermissions": [ "inventory-storage.loan-types.collection.get", "inventory-storage.loan-types.item.delete", "inventory-storage.loan-types.item.get", "inventory-storage.loan-types.item.post", "inventory-storage.loan-types.item.put", "settings.inventory.enabled" ], "visible": true }, |
Things to note:
- A permission or permission set must have the attribute "visible": true in order to
- Show up in the Users App for the assign permissions workflow;
- Show up in Settings → Users → Permission sets to be assigned to a user-created permission set for a particular FOLIO tenant.
Frequent Workflows
How do I assign permissions to a user in FOLIO?
See Assigning Permissions and Permissions Sets
How do I remove permissions from a user in FOLIO?
See Removing Permissions and Permissions Sets
How do I create my own permission sets in FOLIO?
See Settings - Users - Permissions Sets
Resources for More Exploration
FOLIO permission model (platform-level discussion)
Releases Home - search for release notes from current and past FOLIO releases to review permissions information and changes over time
Current Permissions Documentation by App Area - this is a Google sheet, maintained by individual product owners as permissions are added to apps they are responsible for.