Field and action based permissions

Field based permissions

Use cases

#

Use case / Feature

Description

 Apps

Goals

Added by ...

Priority?

1Specific permission to edit the barcode field on the item

Editing the barcode field should only be possible with specific permission. User should not be able to edit the barcode with edit item permission only.

User needs to be able to edit everything except for the barcode.

User needs to be able to edit the barcode, but should not be able to edit any other data on the item.

If resource is in remote storage, users are not allowed to change the barcode

Does not need to be solved via permissions

Having the ability to activate edits at the field level in the detail view vs. entering a full edit screen could help avoid errant data entry…

Inventory

Martina Schildt  after App Interaction discussion

Nice to have
2

Specific permission to edit source records (quickmarc)

User can have view and edit vs. only view permission on e.g. source record (quickmarc) - there seems to be a JIRA

Inventory

Martina Schildt  after App Interaction discussion


3Specific permission to mark instances for deletionMark an instance in Inventory for deletion will be a specific field that can be selected in edit mode. This field should not be selectable by everyone with edit permission on the instance.Inventory

4Specific permission to add notes to records.

A user that only has view permissions for an app, needs to be able to make a note. Current workaround is to have a person with edit permissions make the note for you. This would probably be needed in most apps, but not all.

Split notes from rest of record - make them own object

In the item record, there are two types of notes:
1) bibliographic notes, where the note type is specified in Settings > Inventory > Items - typically edited by cataloguers
2) circulation notes (check in / check out notes) - relevant for and edited by RA staff

Multiple
Important - across apps
5Specific permission to edit user custom fields. A library may want to store information in a custom field on a user record that can be viewed by all, but only editable by some. For example, if a library provides accounts for visiting scholars and wants to list a budget code to be charged if the scholar doesn't return items, this may be viewable by all, but only editable by the library circulation manager.Users
(OLD ACCOUNT) Erin Nettifee 
6Specific permission to view field "Birth date", Home address, other personal information.

Not all system users should be able to see the birth date that is recorded in a user record.

This information needs to be recorded to confirm that a person is of legal age.

Birth date: data accessible to specific people, not everyone

differentiate between create, edit and view; view most vulnerable


Users
Martina Schildt Important - Users app







Action based permissions

Use cases

#

Use case / Feature

Description

 Apps

Goals

Added by ...

Priority?

1Set renewal prioritySelectors should be able to edit "renewal priority" in Agreements, but nothing else, since they are the ones who decide whether they want to renew an item, but otherwise they should not be allowed to edit.Agreements

Martina Schildt  after App Interaction discussion


2Ability to "backdate" a loanStaff checking items in should be able to check them in, but only select staff should be able to check an item in and change the due date to a time in the past (which could allow a user to avoid fines for an item being overdue or lost.)Check in
(OLD ACCOUNT) Erin Nettifee 

Important

Wait for Erin to join

Use cases solved

#

Use case / Feature

Description

 Apps

Goals

Added by ...

Priority?

1Specific permission to see username and pw for platform on organization record

Martina Schildt link JIRA

works via API endpoint

ongoing discussion in TC on storing this personal information more secretly

Organizations

Martina Schildt  after App Interaction discussion


2Specific permission to download attached document in LicenseS appwas already built with specific API endpointLicenses