2022-05-09 Meeting notes: Field based permissions

Date

09 May 2022

Housekeeping

• Next topics
  1. Permissions
     1. field based → walk through where needed?
     2. SIG reps and PO
        1. example: specific perms to edit the barcode field
        2. view and edit vs. only view e.g. source record (quickmarc) - there seems to be a JIRA
        3. would be UI-based permissions
        4. Brooks: better-focused on managed customized UIs?
        5. Owen: would be good to undertsand the use cases
        6. ERM use case: it would be nice if our selectors could edit "renewal priority" in Agreements, but nothing else, since they are the ones who decide whether they want to renew an item, but otherwise they should not be allowed to edit
           1. idea to have a specific action
  2. Implementers topics: Implementers topics | Cross-app

Discussion items

• Feedback on field based permissions in ERM
• Feedback on field based permissions in MM
• Lookup functionality across apps - if time allows

Minutes

• ERM field based perms feedback
  • already existing: when linking an organization; to view login credentials for the related interface(s) the user needs a separate permission; same as in organizations app
  • one specific example was raised additionally: it would be nice if our selectors could edit "renewal priority" in Agreements, but nothing else, since they are the ones who decide whether they want to renew an item, but otherwise they should not be allowed to edit
  • Owen's idea - needs more exploration though: rather than having a field based permission for the latter use case, rather have an action (e.g. "set renewal status")
  • with a drop-down maybe to select the status
  • this action would have a permission allowing it or not as well
  • User would not need to open the whole record with perm only to touch one field; the action would reveal potentially only one field
  • Maura in chat: +1 Owen
  • Laura: similar need and thoughts in MM
  • Owen: different approach to basic way that perms work in FOLIO
  • Dennis: in general, that seems consistent with e.g. close orders
    • when opening the order; the status is changed; in backend there is a set of logic running (e.g. create encumbrance in finance app)
    • actions are protected by separate permissions (separate from general edit permission)
    • API call could bypass the restrictions
  • Maura: from a user perspective this is very nice
    • unconscious errors could not happen
    • information that is needed is easier and quicker to find and actions are easier and quicker to take
  • Laura: there is an ongoing confusion between notes app and notes (free text fields on the records)
  • Owen: for actions that are taken as part of workflows there is a related workflow
    • "add notes" as with notes helper app is different; there are separate perms as well
    • approach to field based perms need communication with broader audience
• MM  field based perms feedback
  • Laura in Slack: the desire was to have permissions to edit just one field, e.g., notes, for users who had no other edit permissions. Use cases were given for orders & items, but likely pertain to other record types in other apps as well.
• Next steps: invite SMEs who have given the use cases to walk us through

Chat

Attendees

Action items