Permissions naming convention

A set of naming conventions for permissions

The components of the permission names should be used in a hierarchical manner, from the most general (module) to the most specific (action). The permission name should contain the following components separated by a dot. 

1. Module-Specific Prefix

  • Convention: Start with a service-specific prefix indicating the Folio module.

  • Example: finance-storage in finance-storage.budgets.item.post.

2. Resource Identifier

  • Convention: Follow with a resource identifier, specifying the particular resource being accessed or modified.

  • Example: budgets in finance-storage.budgets.item.post.

3. Entity Scope

  • Convention: Indicate the scope of the operation: whether it's for a single entity (item) or multiple entities (collection).

  • Example: item in finance-storage.budgets.item.post signifies an operation on a single budget entity.

4. Procedural Permissions

  • Convention: Use a clear and descriptive name for procedural permissions, usually ending with an action verb.

  • Example: invoice-transaction-summaries.execute in finance.invoice-transaction-summaries.execute.

5. Action Verb

  • Convention

    • Backend permission action verbs: Use HTTP-like verbs to specify the action. The available action verbs are:

      • get for retrieval

      • post for creation and execution

      • put for updates

      • patch for partial updates

      • delete for deletion

      • execute for execution

    • Frontend permission action verbs are:

      • view for viewing of entities

      • edit for editing of entities

      • create for creation of entities

      • delete for deletion of entities

      • enabled - a single permission for the module that marks it as "enabled"

      • execute - for actions' executions

      • manage - any kind of aggregators or when execute sounds weird

  • Example: post in finance-storage.budgets.item.post indicates a creation operation; create in ui-inventory.item.create

6. Settings Permissions

Settings permissions should not have an action verb.

  • Example: ui-inventory.settings.call-number-types

7. General Permissions

  • Convention: For broad or general permissions that encompass multiple actions or resources, use a comprehensive term followed by all.

  • Example: funds.all in finance.funds.all indicates a permission that applies to all actions related to funds.

Current naming conventions violations

The file above contains permissions that do not match the algorithm that applies the naming conventions.

Common convention violation cases are:

  1. The backend action verb (e.g. execute, post) is omitted: circulation.internal.apply-rules, circulation.override-patron-block, okapi.env.list

  2. The frontend action verb (e.g. edit, execute) is omitted: ui-users.loans.renew, ui-users.loans.renew

  3. The general postfix ui-orders.third-party-services, ui-users.feefineactions, ui-users.accounts

  4. Using non-standard action verbs: user-import.add, ui-users.loans.anonymize, mod-settings.global.read.ui-ldp.admin, ui-inventory.instance.createOrder

  5. Adding additional details after the action verb: ui-bulk-edit.view.base,
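One way to check permission names against the conventions and violation cases above, as an added example (not FOLIO's own matching algorithm). It assumes that frontend modules are those prefixed with ui- and that a settings permission has settings as its second component; check, audit and PAGE_NAMES are hypothetical names.

```python
# Added example: a checker for the naming conventions described on this page.
BACKEND_VERBS = {"get", "post", "put", "patch", "delete", "execute"}
FRONTEND_VERBS = {"view", "edit", "create", "delete", "enabled", "execute", "manage"}
ALL_VERBS = BACKEND_VERBS | FRONTEND_VERBS

NO_VERB = "no standard action verb at the end"
EXTRA_DETAIL = "extra detail after the action verb"
WRONG_LIST = "action verb taken from the other (backend/frontend) list"
SETTINGS_VERB = "settings permission ends with an action verb"
MALFORMED = "components must be non-empty and separated by dots"


def check(name):
    """Return None if name follows the conventions, otherwise the reason."""
    parts = name.split(".")
    if len(parts) < 2 or not all(parts):
        return MALFORMED
    module, last = parts[0], parts[-1]
    # Assumption: frontend (UI) modules are the ones prefixed with "ui-".
    verbs = FRONTEND_VERBS if module.startswith("ui-") else BACKEND_VERBS
    # Assumption: settings permissions carry "settings" right after the module.
    if parts[1] == "settings":
        return SETTINGS_VERB if last in ALL_VERBS else None
    if last == "all" or last in verbs:
        return None  # general permission, or a verb from the right list
    if last in ALL_VERBS:
        return WRONG_LIST
    if any(p in verbs for p in parts[1:-1]):
        return EXTRA_DETAIL
    return NO_VERB


def audit(names):
    """Map each non-conforming name to the reason it was rejected."""
    return {n: r for n in names if (r := check(n)) is not None}


# Names quoted on this page: five conforming examples, then listed violations.
PAGE_NAMES = [
    "finance-storage.budgets.item.post", "ui-inventory.item.create",
    "finance.invoice-transaction-summaries.execute", "finance.funds.all",
    "ui-inventory.settings.call-number-types",
    "circulation.internal.apply-rules", "okapi.env.list", "ui-users.loans.renew",
    "ui-users.accounts", "user-import.add", "ui-bulk-edit.view.base",
]

if __name__ == "__main__":
    for name, reason in audit(PAGE_NAMES).items():
        print(f"{name}: {reason}")
```

A missing verb and a non-standard verb cannot be told apart from the name alone, so violation cases 1 to 4 all surface as the same reason; only case 5 is reported separately.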

Conclusion

These conventions should help maintain a structured and clear approach to defining permissions, making it easier for developers and administrators to understand and manage access controls within Folio.