[Magda Zacharska] 10:20:06
Now the heavy lifting part of the meeting. I think we are all properly warmed up. This will be the user permissions part.
[Magda Zacharska] 10:20:17
I want to emphasize that when we talk about Bulk Editing user permissions, we are talking about the process of assigning or on unassigning or removing permissions from the users, this is not about permission names creating permissions sets, etc. This is outside the scope of this this JIRA, UXPROD-3468.
[Magda Zacharska] 10:21:21
So we are trying to do the Bulk Edit assigning or removing permissions to the user.
[Magda Zacharska] 10:21:32
So this is the user management screen in FOLIO where you or you get to assign the permissions.
[Magda Zacharska] 10:21:44
And this is the updating on the back end table that actually consists only of the user Id, and the list of permissions.
[Magda Zacharska] 10:21:57
So what I would like to propose is to add an additional radio button in addition to users to have user permissions.
[Magda Zacharska] 10:22:47
Here are the things that I need to ask.
[Magda Zacharska] 10:22:52
What are the columns you would like to see in the preview? We have 2 options, option number one is to keep what is currently displayed for users. So it would have the same columns for the permissions
[Erin Nettifee] 10:23:16
So, Magna, is this using the CSV update?
[Magda Zacharska] 10:23:21
This is an in-app enough update.
[Erin Nettifee] 10:23:30
So users you can do CSV and in-app? We would be able to also do it both ways.
[Magda Zacharska] 10:23:34
Yes.
[Magda Zacharska] 10:23:38
Yes, the idea was mentioned in several SIG meetings. They want to have the in-app approach take precedence before CSV.
[Magda Zacharska] 10:24:03
This broke my heart a little bit because the CSV approach gives us a really quick way to update any field. It will take us a while to support all fields.
[Magda Zacharska] 10:24:16
So we are prioritizing the UI right now.
[Magda Zacharska] 10:24:24
And so that would be a UI in-app user permission update.
[Erin Nettifee] 10:24:34
Okay.
[Magda Zacharska] 10:24:34
So the question here is, we can display either as it is currently on the user, the same table, or we can create another table that will have just basic information from the user's last name, first name, barcode, or any other identifier that was used to to identify the records.
[Magda Zacharska] 10:25:02
But then do we need to display all the permissions that are associated with each patron? The list can be lengthy.
[Ros, Amanda L] 10:25:16
My questions were, where it says, "do we need to display the list of permissions?" Is it going of display? every permission? But I guess you just answered that, or you know, is this going to work In such a way that it would get a list of only the permissions that we were taking away.
You know I could see this being used, for, like when we have student workers at the end of the semester and we want to take away their cataloging or inventory permissions.
[Ros, Amanda L] 10:25:59
So I guess that's my question. If the way that the Bulk Edit is going to work is that the list of names that you have, we're going to take away their inventory edit permission. Then I don't need to see all the permissions.
[Ros, Amanda L] 10:26:28
The command line is just that everybody that's in the file is going to remove the same permission.
[Magda Zacharska] 10:26:37
So this is actually covered in a later screenshot that we will get here later.
[Jennifer Eustis (she/her)] 10:26:49
Yeah, I have the same concern that you have Magda. You said the same thing that the list is gonna get really very very long. And do you display just the permissions, or also like we have user groups?
[Jennifer Eustis (she/her)] 10:27:12
So I'm wondering if we display it the same as the user records and maybe we have an action to download. So then we could see everything via the CSV downloaded file.
[Magda Zacharska] 10:27:38
Yeah, so this partially answers my question about what should be when we download the matched records.
[Magda Zacharska] 10:27:47
So speaking about how many records we are talking about. So here is an example. This is my record in bugfest Nolana. The list goes on and on and on, and I'm pretty sure there will be a lot of users like that.
[Erin Nettifee] 10:28:20
It very much depends on how the institution manages it. Because you could put all this into a permission set, and if you did that, it would just show one line, right? There's so much flexibility here, so I think what you're seeing here, is common but there are differen ways you can do it that would make this list
not that long.
[Ros, Amanda L] 10:28:40
My concern would be if there was any discussion of truncating the list, of what is displayed, you know you may not see the one that you're editing our planning on editing.
[Erin Nettifee] 10:29:15
So I will say for sure that a download of the record should have the entire permission.
[Magda Zacharska] 10:29:22
So could this be that all this data goes into one field separated by commas exactly like it is here?
[Erin Nettifee] 10:29:33
Yeah, I I don't see any reason why you would have to do it differently.
[Magda Zacharska] 10:29:36
Okay.
[Peter Martinez] 10:29:44
Yeah, I have a question. Could there be a column that has something like a permissions count, and then that would link to that person's list of permissions?
[Peter Martinez] 10:30:00
This way, when we get Data Import logs, we can link to a record from the information there.
[Peter Martinez] 10:30:09
And would that even be useful?
[Magda Zacharska] 10:30:11
Oh, okay. So you're saying there would be a number representing the number of permissions for a user and this would hyperlink to the user's profile?
[Peter Martinez] 10:30:33
Yes, or at least a list of them.
[Peter Martinez] 10:30:36
I don't know which one would be more useful.
[Erin Nettifee] 10:30:37
It's definitely an interesting idea.
[Magda Zacharska] 10:30:40
Yes.
[Erin Nettifee] 10:30:41
I will say, Magda, that the permissions user API does not give you a record count, right? So Bulk Edit would have to do the record count if that is something people wanted.
[Magda Zacharska] 10:30:52
But we can display the label "see permissions" and just replace this with the link to the user profile.
[Magda Zacharska] 10:30:59
I just want to bring up that
[Erin Nettifee] 10:31:02
Yeah, that actually is an interesting idea. If you could have a link that when clicked takes you into the user record with the permissions accordion open that to me is great.
[Erin Nettifee] 10:31:16
That would work really well. Jennifer has her hand up.
[Jennifer Eustis (she/her)] 10:31:21
Yeah, that's a great idea because when you said counting, I thought, would you count the permissions or the permission sets?
[Magda Zacharska] 10:31:31
I'd rather not count as well.
[Erin Nettifee] 10:31:38
Jeanette brings up the point about what if you don't have permission to view user records.
[Magda Zacharska] 10:31:42
You will not be able to see the Bulk Edit option, because we already control that by permissions. So if you don't have permission to see user records.
[Erin Nettifee] 10:31:50
Right.
[Erin Nettifee] 10:31:57
Well, there's permission to see
[Magda Zacharska] 10:31:58
You don't you? Don't. You don't see this radio button at all.
[Erin Nettifee] 10:32:03
But there, there is a separate permission in the user app that controls seeing the permissions accordion. So you would need to have a similar kind of thing that says you have to have the ability to edit permissions in order to see the option.
[Magda Zacharska] 10:32:42
So that link, I think, would take the user to this screen in the User App. But the user would need to click on the permissions accordion themselves. Would that work?
[Erin Nettifee] 10:32:54
Oh, so you can't just open it straight to the permissions accordion?
[Magda Zacharska] 10:32:57
You cannot go directly to the permissions.
[Erin Nettifee] 10:33:00
Yeah, I mean that works. You know, we can do version one of the UI kind of thing, and think about different approaches in the future.
[Erin Nettifee] 10:33:16
But yeah, I think that works. I think most people who are doing this are gonna already probably be pretty comfortable with editing permissions, because they probably do it one by one, for various reasons, whether they're a department manager or whether they're
the library has them as a permissions manager so I don't think it's a difficult thing to ask there, especially if I can just decide to download the CSV file and not have to go into the user app at all.
[Magda Zacharska] 10:33:42
Okay.
[Ros, Amanda L] 10:33:43
It is interesting though. It does show the number of permissions if you go back up Magda and collapse your accordion.
[Magda Zacharska] 10:33:55
Yes, it shows.
[Erin Nettifee] 10:33:55
It does. Yeah.
[Ros, Amanda L] 10:33:56
Yeah. So you know, if it could get the number from there.
[Erin Nettifee] 10:34:01
What is the number matter, though? How would you use it if you were in?
[Ros, Amanda L] 10:34:05
Well, I mean, we were talking about that a few minutes ago about, you know, seeing how many permissions.
[Magda Zacharska] 10:34:12
But there is something wrong with this because right now it shows that I have 0 permission.
[Erin Nettifee] 10:34:19
That is a Stripes thing, it doesn't load super fast.
[Erin Nettifee] 10:34:22
You can see it just loaded it now.
[Erin Nettifee] 10:34:25
It doesn't load it super instantaneously. So what that means is that the user's app is doing that count.
[Magda Zacharska] 10:34:32
Which means, if we have such a delay for just one record, what will be the delay if we have hundreds of records on the bulk edit part?
[Erin Nettifee] 10:34:44
Permission is definitely slow. That is a known thing.
[Magda Zacharska] 10:34:48
So I will need to talk with the developers about that, and I'll come back to this group.
[Magda Zacharska] 10:34:56
I like the idea of linking to the profile so that if you want to see the permissions you can take a look.
[Magda Zacharska] 10:35:10
But this is not a part of the display. As we discussed the action button on the Bulk Edit will save the user record with all the permission associated with it.
[Erin Nettifee] 10:35:27
Can you go back to the screenshot with the columns?
[Erin Nettifee] 10:35:38
I would really love to see the username.
[Magda Zacharska] 10:35:43
Yeah. So I think it's even easier for us to reuse whatever we have here for the users.
[Erin Nettifee] 10:35:50
And then just and then just add a seventh column that's a link to the patron, or make the name a link or something like that.
[Magda Zacharska] 10:35:54
Yes, hmm.
[Erin Nettifee] 10:35:57
Yeah, I agree.
[Ros, Amanda L] 10:36:01
I think it would be cleaner if you just made the username a link.
[Erin Nettifee] 10:36:09
I don't have a strong opinion about it.
[Magda Zacharska] 10:36:11
This is also a good idea.
[Ros, Amanda L] 10:36:11
Well, I don't have a strong opinion. I'm just saying that I think it'd be cleaner.
[Erin Nettifee] 10:36:19
Well, the only thing is that username is not a required field.
[Erin Nettifee] 10:36:23
So you would. You would have to handle scenarios where the username was blank.
[Ros, Amanda L] 10:36:24
Oh, okay.
[Erin Nettifee] 10:36:29
Barcode is also not a required field.
[Magda Zacharska] 10:36:34
Oh, we can even make it the whole row. Make it clickable, and clicking on the row will open the record.
[Jennifer Eustis (she/her)] 10:36:49
Does the user account also list all the hidden permissions?
[Erin Nettifee] 10:37:12
So so, Mag, to go back to insomnia for a second, if you don't mind?
[Erin Nettifee] 10:37:20
So what you're looking at here is the list of the permissions that are assigned to Magna's account in this environment.
[Erin Nettifee] 10:37:28
These are all sort of like top-level permissions you would see if you've looked at her record. What you're seeing in the UI is like a translation value.
[Erin Nettifee] 10:37:42
But it represents these things below. It doesn't matter in this list if these are hidden or not.
[Erin Nettifee] 10:37:49
If they're assigned to the record it's gonna show up.
[Erin Nettifee] 10:37:53
Well, actually. That might not be true. You have to have permission to see the hidden permission in the UI.
[Robert rscheier@nelib.org] 10:37:57
There's a setting
[Erin Nettifee] 10:38:08
Yeah. That's an interesting thing.
[Erin Nettifee] 10:38:13
It may not show the hidden permissions. You would see it in CSV download because the CSV download would pull this record, but you wouldn't necessarily see it in the UI.
[Erin Nettifee] 10:38:35
So let's imagine a scenario where you know User X is is is in a folio environment, and they have 10 permissions on their record.
[Erin Nettifee] 10:38:45
Right, and of those 10 permissions 8 of them are visible, and 2 of them are hidden they were assigned to their record for some troubleshooting purpose, or whatever.
[Erin Nettifee] 10:38:56
If Bob logged into this environment and Bob does not have permission to see hidden permissions.
[Erin Nettifee] 10:39:04
Bob, it's gonna look to Bob like it's 8 permissions instead of 10.
[Magda Zacharska] 10:39:07
Oh!
[Erin Nettifee] 10:39:08
Even though those 10 permissions are in the underlying data.
[Magda Zacharska] 10:39:12
Oh!
[Erin Nettifee] 10:39:14
So you know, a key takeaway for anybody who's thinking about this is you don't want to have to assign hidden permissions.
[Erin Nettifee] 10:39:22
People need to do it because of different troubleshooting and broken functionality and stuff like that.
[Erin Nettifee] 10:39:27
We're trying to get the project to the point where you don't have to do that stuff.
[Erin Nettifee] 10:39:31
But it's going to be a reality, I think, for many more releases.
[Erin Nettifee] 10:39:36
But that's just a nuance that I don't think Bulk Edit can get around right. That's just a nuance of the permission structure. And so, you know, there are some questions we need to think about. For example in a scenario where I assigned a Bulk Edit permission to Bob, and I want to remove it from Bob, but Bob can't see it.
There's gonna be different scenarios that need to be accounted for.
[Erin Nettifee] 10:40:08
I don't know if that made sense at all.
[Jennifer Eustis (she/her)] 10:40:13
No, it did. And I think you're right. Right now the hidden permissions seem as though they're in flux, you know. So, and we're still trying, I think, to iron out some things like, I import EDIFACT invoices, but I'm not an acquisitions person.
So, I have to have all the permissions for Finance and all that.
[Erin Nettifee] 10:40:40
So the workaround for an institution is documented. The workaround is that the institution needs to create a permission set that's visible and put all those hidden permissions into that visible permission set and then assign the visible permission set to you.
[Erin Nettifee] 10:40:58
You don't want to work with hidden permissions on an individual user level.
[Erin Nettifee] 10:41:02
But some places still do it, and they can have valid reasons to think that is the best way to do it. But they're gonna run into problems.
[Jennifer Eustis (she/her)] 10:41:10
And some of that functionality at least for Data Import and Invoices is being fixed.
[Jennifer Eustis (she/her)] 10:41:16
I think it's like in Orchid.
[Erin Nettifee] 10:41:16
Sure, sure.
[Magda Zacharska] 10:41:19
So Erin, I have a question. If an institution creates a permission set, do the permissions assigned or unassigned on the permission set level works the same as if the individual permissions were selected?
[Erin Nettifee] 10:41:37
That is the way that you would do it if you were using that workaround. Yes.
[Magda Zacharska] 10:41:40
And the behavior is exactly the same as you would assign one specific permission.
[Erin Nettifee] 10:41:45
Right. So a permission set can be identified in the underlying data because it's mutable equals true.
[Erin Nettifee] 10:41:54
That's the value that says this is a permission set that somebody made.
[Magda Zacharska] 10:41:59
So this is an example of permission in the permission set, which is the permission.
[Erin Nettifee] 10:42:06
Right, and so there, you can see that it's mutable equals, false.
[Erin Nettifee] 10:42:10
This is actually this is provided by MOD inventory.
[Erin Nettifee] 10:42:14
So this is an example of a permission where if this was assigned to somebody, it would show UI inventory dash all permissions dot temporary.
[Erin Nettifee] 10:42:25
But if Jen only needed to browse dot contributors, dot instance dot collection dot get.
[Erin Nettifee] 10:42:36
She just needed that one little individual thing, the workaround, is for me to go into settings in FOLIO and create a permission set that's called, you know, "contributor-browse-workaround."
[Erin Nettifee] 10:42:48
Then I assign this "browse.contributors.instance" to that permission set, and then I assign "contributor-browse-workaround" to Jen, and when I do that, then Jen's permissions could be managed just like anything. You
don't have to worry about the hidden permission part of it.
[Magda Zacharska] 10:43:05
Okay.
[Magda Zacharska] 10:43:15
Well, I thought that would be simple, but apparently, it is not
[Erin Nettifee] 10:43:20
There is some information on visible versus invisible permissions on the FOLIO documentation site here: https://docs.folio.org/docs/platform-essentials/permissions/
[Erin Nettifee] 10:43:52
But I think we're probably gonna have to be really explicit about users A and B and describe some different scenarios, and then describe what Bulk Edit can and cannot do because I don't think bulk Edit should be working around some of these things.
It needs to work with the permission model as it's implemented, or it's in all.
[Magda Zacharska] 10:44:16
So we will be calling the existing API. So we are not planning to create a new one.
[Erin Nettifee] 10:44:22
Sure.
[Magda Zacharska] 10:44:23
So, if whatever is implemented in permissions, this is what we are going to use to make sure we are not introducing problems.
[Magda Zacharska] 10:44:36
However, as we have learned already, some of the business rules are implemented in the UI and not in APIs. So using APIs sometimes may be dangerous. That's why are having this conversation and I will definitely follow up with you.
[Magda Zacharska] 10:44:53
We have 15 min left, and I would like to go to the next 2 slides.
[Magda Zacharska] 10:45:07
We decided we are going to reuse the existing user's layout with the option to give the user a chance to see the record details, either through the app's additional column or by making a row clickable. That is be decided yet.
[Magda Zacharska] 10:45:28
But this is something that needs to happen.
[Erin Nettifee] 10:45:31
Right, we're not just displaying it here. We're gonna link out to the user record.
[Magda Zacharska] 10:45:34
Yes, yes. So on the screen, the user clicks the actions menu, starts Bulk Edit, and gets to the screen that has this dropdown.
[Magda Zacharska] 10:45:50
A menu that will continue dropdown control that contains only one option, "User Permission." The action offers 2 options, "Add" or "Remove," nothing else. And then there will be a drop-down that will be searchable with the whole list of permissions, or sets.
[Magda Zacharska] 10:46:25
And this would allow for multiple selections, because sometimes you would like to add.
[Erin Nettifee] 10:46:31
Is it possible in this context to leverage the existing add permissions modal that has the search functions because the permissions list is very long.
[Magda Zacharska] 10:46:44
You mean this one?
[Erin Nettifee] 10:46:46
Yeah.
[Magda Zacharska] 10:46:49
I was thinking about that. That would be a significant change for the UI, but we can discuss this as well.
[Erin Nettifee] 10:47:01
Can I do a type ahead? If I have to scroll through a list ...
[Magda Zacharska] 10:47:13
This is similar, to how locations work in Inventory, and we implemented it also in Bulk Edit.
[Erin Nettifee] 10:47:23
Okay. So if I wanted something like settings.users, I could start typing settings, and it would jump to settings in the list?
[Magda Zacharska] 10:47:31
Yes, exactly.
[Erin Nettifee] 10:47:46
Okay. Alright, that seems reasonable to me. Others please chime in.
[Magda Zacharska] 10:48:01
I also have a question, would it be a requirement that you need both add and remove some permissions?
[Erin Nettifee] 10:48:16
Yes, and the use case for that is managing deprecated permissions.
[Magda Zacharska] 10:48:23
Oh!
[Erin Nettifee] 10:48:24
So we've upgraded FOLIO, and 2 permissions are deprecated, so I need to remove them and then replace them with these other permissions. So I need to add it ideally. I would do that in one step instead of 2.
[Magda Zacharska] 10:48:39
So instead of add and remove, we would need to have also an additional replace.
[Erin Nettifee] 10:48:47
Or I could have 2 action lines.
[Magda Zacharska] 10:48:53
We already implemented functionality for find and replace, so I'll discuss this a little bit with the development team. How would you, as a user, prefer to have it?
[Erin Nettifee] 10:49:14
I would prefer to have them separate because I think that's cleaner in my head, but I don't know what others think.
[Erin Nettifee] 10:49:23
I would be able to clearly see that I am removing these 2 things. And I'm adding this thing. I don't know how you would indicate that you're going to replace because it's not always a one-to-one match.
[Jennifer Eustis (she/her)] 10:49:38
That's what I was going to say. I think it is clearer in my mind what you want to remove and then what you need to add.
[Jennifer Eustis (she/her)] 10:49:46
As you said, it is not always one-to-one. You may have one and now there are 4 new permissions for that.
[Jennifer Eustis (she/her)] 10:49:55
So I think it's just cleaner, and it's easier to see and troubleshoot as well.
[Magda Zacharska] 10:50:08
And the other opinions?
[Erin Nettifee] 10:50:10
Amanda is agreeing in the chat.
[Ros, Amanda L] 10:50:14
Yeah, I agree with both what Erin and Jennifer are saying.
[Peter Martinez] 10:50:42
I'm sorry I had one question back to the last screen.
[Peter Martinez] 10:50:46
This is a general interface thing. I've seen problems where you highlight the ones you want and for very long lists. If something gets unclicked or clicked by accident, it gets missed.
[Magda Zacharska] 10:51:00
Yeah.
[Peter Martinez] 10:51:03
So I don't know what it's like here.
[Magda Zacharska] 10:51:04
No, this was highlighted just to communicate the idea.
[Peter Martinez] 10:51:10
Oh, okay. I'm sorry.
[Magda Zacharska] 10:51:13
So whatever you select goes on top like you see here with current functionality in Bulk Edit.
[Peter Martinez] 10:51:29
Okay. I'm sorry.
[Erin Nettifee] 10:51:31
No, it's a good question, Peter. I'm glad you're asked for qualification.
[Magda Zacharska] 10:53:25
I just highlighted them in in blue, because this is what I would like to be presented when you get the are you sure form.
[Magda Zacharska] 10:53:36
So we will see the same columns as we see in user records with a new column. If we add new permissions, we will see those new permissions listed here.
[Magda Zacharska] 10:53:50
If removed. This label will be called remove permission, and they will be listed here.
[Magda Zacharska] 10:53:59
Would that work? Or is it confusing?
[Magda Zacharska] 10:54:05
Because on this "are you sure" screen, this is the moment before you commit your changes to the database?
[Magda Zacharska] 10:54:12
You need to confirm the permissions you are adding or removing.
[Magda Zacharska] 10:54:23
And here we will list all of them. So if you are adding 10 permissions, those 10 will be listed here.
[Erin Nettifee] 10:54:36
Yeah. That's good. Just thinking out loud. But again, you're also not showing the entire list of permissions which is kind of how I might think about it in my head.
[Erin Nettifee] 10:55:08
So I, yeah, I'm not entirely sure.
[Magda Zacharska] 10:55:21
Anyone. Please speak up.
[Erin Nettifee] 10:55:43
I mean, if there's not a better idea than an add column and a remove column, then I would just do that.
[Magda Zacharska] 10:55:49
That would be easier because it will not require manipulation.
[Erin Nettifee] 10:55:54
Yeah, I mean, I don't see any need to try and combine those steps into this display, or anything like that.
[Magda Zacharska] 10:55:59
And also as you specify, you will have a use case when you will be adding one and removing one.
[Magda Zacharska] 10:56:11
Then you will need to have them both displayed. Okay, so this is it for the permission set.
