Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

TimeItemWhoDescriptionGoals/Info/notes
2minAdministrivia
  • Meetings in December and January (Holidays and Vacation days)
  • We cancel the dates between the 23rd Dec - 10th Jan (first meeting next year will be the 10th Jan)

Note taker: Andy Horbal 

meeting_saved_chat.txt

meeting_saved_closed_caption.txt

Recording

60 MinPermissions

Refresh on Permissions

Widget Connector
urlhttps://docs.google.com/presentation/d/1F1VoUrIemKlFkiVnJ3ebjIBYbNTn01C3dRJ-uLeuOEU/edit?usp=sharing

Permissions resources:

Introduction to FOLIO Permissions

Using Sample Role-Based Permission Sets on the Reference environments


Meeting Notes

Administrivia - Jana Freytag

...

A SIG member asked about the following hidden permission:  https://issuesfolio-org.folioatlassian.orgnet/browse/CIRC-1214. Without it, scheduled notices will not generate like they are supposed to.

...

Role-based permission sets in Snapshot (like the “role-circ-observer” one shown on slide 10) were set up to mimic real-world roles, as opposed to diku_admin, which basically has access to everything. If you want to log in as a user with one of these sets, the username and password match the name of the set: e.g., the username and password for role-circ-observer are both role- circ-observer.

Question in chat: Has there been any thought to allowing admin users toggle "hidden" permissions on so that they can see them for troubleshooting purposes? Answer: This already can be done in SettingsàDeveloperàConfiguration.

...

Question in chat: Wat does the "Act as though user has all permissions?" in config do? Erin did not know the answer, but she will find it and post it in the RA SIG Slack channel. Erin's answer in Slack:  "essentially it sets a flag in Stripes (the User Interface code) that tells Stripes to act like the account that is logged in has all the UI permissions available. What that option doesn't do is give your account all the backend permissions like diku_admin does. In a production environment where you don't want anyone using diku_admin, that option would be useful for troubleshooting questions about people being able to see a particular app or function... but if you have access to the superuser account, you probably wouldn't use that feature very much."

How to find permissions could be its own presentation. Briefly, though, you can look in FOLIO after turning on developer tools, but Erin more often looks at the FOLIO code in Github.

Release notes should mention if new permission are added by an app. There’s also now a feature that allows you to deprecate a permission.

There is not a way to duplicate permission sets, but starting in Juniper FOLIO release, you can nest permission sets. For example, you could nest the permission set 'circ-student' in a permission set 'circ-manager'.

There are not any permissions that block a user from doing something in FOLIO. Either a user has the permission, and can do what the permission enables, or the user doesn't have the permission (in its most specific, granular form) assigned, and can't do what that permission allows. Therefore, there can't be "conflicting" permissions. FOLIO will automatically drop duplicate permissions (e.g. if a permission set and a permission within that set are both assigned to a user).