Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

...

Anya

Donna Minor

Rameka Barnes

mey

Jana Freytag



Discussion Items

...

Functional Area

Product Owner

Planned Release (if known)

Decision Reached

Reasoning

Link to supporting materials

Comments

e.g. loans, fees/finesNamee.g. Q4 2018, Q1 2019Clearly stated decision
  • Because...
  • Because...
e.g. mock-up, JIRA issue




























Notes

  • PC Announcements, Sharon Wiles-Young
    • Links in agenda
    • Friday, 1/29, 10 AM EST: Mike and the Governance Committee are going to give an overview of the Governance Model.
      • Will address questions.
    • Anton et al are looking at the testing process; thinking of moving some testing after sprint reviews to avoid finding issues so late in the process (Bugfest) in future.
  • User permissions discussion, Erin Nettifee
    • Slide deck in agenda
    • Intention is to provide background info on permissions and foster discussion on the topic.
    • FOLIO permissions are granular, with several little pieces: some hidden, some visible.
    • Permission attributes: all permissions have some/all of these values.
      • permissionName: can be very lengthy, typically contains an action verb; acts as unique identifier.
      • displayName: what appears in the UI (permission picker plugin); required if a visible permission.
      • Description
      • subPermissions: cluster of more granular permissions; cannot be discerned in UI
      • visible: dictates whether it appears in the UI (permission picker plugin); only about 10% of all permissions appear in UI unless developer setting has been flipped to show hidden permissions.
        • Note: showing invisible permissions can wreak havoc on user functionality in FOLIO due to sheer volume – UI not meant to handle that – but you can turn on to poke around test
      • Permissions v. permission sets
        • Confusing concept/terminology
        • Don’t worry about the difference; people tend to use terms interchangeably.
          • Use permission sets explicitly when talking about building in user settings.
        • Some institutions are worried about sub-permissions.
      • Questions & discussion:
        • Andrea L.: So how do we find what sub-permissions are assigned?
          • Github – even showing invisible permissions in UI does not show sub-permissions.
        • Amelia S.: If there is no specified "visible" field is the value is assumed false?
          • Correct; there needs to be an explicit true for the permission to display in the UI.
        • Mark C.: Has there been any thought given to delivering FOLIO with default permission sets?
        • How are permissions managed upgrade to upgrade?
          • Adding functionality in Iris to migrate built in permissions to address changes/deprecation.
          • Does not help with new permissions, but new permissions should be documented by POs in release notes for each version.
        • Anya: How do we rectify dependent permissions? E.g. if you need inventory permissions for courses, what is the “rippling” impact?
          • com/folio-org
          • If a module has mod- prefix, typically back-end (usually hidden permissions)
          • If a module has ui-prefix, typically front-end (usually visible permissions)
          • Courses had both a mod- and a ui- module
            • Look in package.json (sometimes names differently)
            • Has lots of information about permission sets and sub-permissions and when those overlap between apps
          • Need to have communication between practitioners and developers to have a permission set that reflects the need/desired behavior while working within the bounds of what FOLIO allows.
        • Erin: What kind of documentation do we want/need for permissions?
          • Role-based permission set advisory
          • Descriptions displayed in tool-tip – helpful for many things in FOLIO
            • Name, description, sub-permissions, visibility included in documentation
            • Erin showed spreadsheet maintained by POs. Might not be super accessible, but could be adapted for a better format with PO buy-in and consultation with Marcia.
            • Keeping this up to date and more visible is a good interim solution
          • David: More inclined to be generous with permissions if system logging of operator actions is improved.
            • g. not just logging renewals, but logging operator of a due date change.
            • Circulation log may help bridge that gap with RA-related actions
          • Are there permissions that are missing that are required by your institution?
            • Permission restrictions when off duty.
              • Would need to be facilitated by hosting provider based on location, rather than schedule.
              • IP or VPN restriction – depends on campus configuration
              • 2 factor authentication setup
            • Restrictions by service points were discussed but have not gained momentum.
  • Please add topics for Thursday's meeting. We will be discussing documentation but would like more granular topics.