2019-06-26 User Management Meeting Notes

Meeting info

Zoom:  https://zoom.us/j/488543197

Attendees

Maura Byrne

Jana Freytag

jackie.gottlieb@duke.edu

Uschi Klute

Philip Robinson

Annika Schröer

Stefanie Sußmann

Todd Wallwork


Goals


Discussion items

Time | Item | Who | Notes

Use cases for teams

Group

  • Permission related:
    • Current acq use case: only members of a specific team can edit a certain resource
  • Workflow related:
    • Assign a task not to a particular person but to a team (if someone is on vacation/sick leave/…)
  • Contact information related; this would need some kind of team app frontend:
    • Who is working at a specific location?
    • Who is responsible for eResources, acquisitions, etc.?


 One user needs to be in several teams -> many-to-many relation


What would be useful for descriptive error messages

Group

Need more specifics to answer this question. What kind of error messages?

→ Carry over to one of the next meetings


What are templates and how would they be used?

Group

Different kinds of “templates” relevant for user-related tasks

  • user notifications: e-mail templates
  • assigning permissions (and other values?) to users when creating new records, some kind of pre-filled create form
  • provide limited views to records / limited actions:
    • Use case: Student workers helping with checkout should not be able to see patron address data
      • Annika Schröer: It is already possible in FOLIO to hide information in the frontend. The data is being sent to the browser (and can be seen quite easily in the network traffic), but the FOLIO fields can be blanked out. So this is not a secure solution at all but might be sufficient for some small use cases.
        It is also possible to have the apps define distinct APIs for confidential fields, if there are not too many combinations of what people should be able to see and not see. Permissions are possible at API level.

Ideas to discuss around permissions

Group

  • Function-driven permission sets like check-in media, manage agreements etc.
    • each permission set contains the atomic permissions necessary to do the task
    • permission sets can easily be assigned to a user just by knowing the work he will have to do, without detailed knowledge about atomic (technical…) FOLIO permissions
  • Permissions can be assigned to teams (E-Resource team, Front desk team, team medicine campus)
    • A user can get permissions by being a member of a specific team
    • Permissions for teams plus extra permissions for single persons
  • Template with certain permissions for certain groups, vs. permissions for teams
  • Are permissions additive?
    • Should there be a possibility to assign a permission set MINUS one of them?
    • Does a permission like “edit item” bring “view item” with it? What happens if “edit” is taken away and the user still should have permission to view items?
      • → Permissions should double; that would not be very clean, but it is an easy way to work with changing permissions