2021-01-25 Resource Access Meeting Notes
- Jana Freytag
- Molly Driscoll
- (OLD ACCOUNT) Erin Nettifee
Owned by Jana Freytag
Date
Attendees
@christine Tobias
Discussion Items
| Time | Item | Who | Description | Goals/Info |
|---|---|---|---|---|
| 2min | Administrivia | As per our decision from last Thursday we structure the meetings from now on as follows: Mondays will be for the general discussions on features and bugs and as a placeholder for PO agenda items Thursdays will be for
|
| |
| 10 | Report from the PC | the QA process changes, Governance meeting, and WolfCon survey. Links: Anton's report QA Initiatives 2021 Governance update https://docs.google.com/presentation/d/1yNFsfgqldK836enSXxNicC6RBW6YaiedBDjYWmh54jU/edit#slide=id.p Wolfcon survey: https://forms.office.com/Pages/ResponsePage.aspx?id=yjb6UNN98USePxvzmjljpX5kdc6A165Ph_UGfjPi5CpURDhJWFFGRVYxVk84Szk3TVMzWDBPQTRRRS4u | ||
| 45Min | Permissions | General Discussion Update by (OLD ACCOUNT) Erin Nettifee on different permission types in FOLIO Slide Deck to help guide discussion: |
Meeting Outcomes
Functional Area | Product Owner | Planned Release (if known) | Decision Reached | Reasoning | Link to supporting materials | Comments |
|---|---|---|---|---|---|---|
| e.g. loans, fees/fines | Name | e.g. Q4 2018, Q1 2019 | Clearly stated decision |
| e.g. mock-up, JIRA issue | |
Notes
- PC Announcements, Sharon Wiles-Young
- Links in agenda
- Friday, 1/29, 10 AM EST: Mike and the Governance Committee are going to give an overview of the Governance Model.
- Will address questions.
- Anton et al are looking at the testing process; thinking of moving some testing after sprint reviews to avoid finding issues so late in the process (Bugfest) in future.
- User permissions discussion, Erin Nettifee
- Slide deck in agenda
- Intention is to provide background info on permissions and foster discussion on the topic.
- FOLIO permissions are granular, with several little pieces: some hidden, some visible.
- Permission attributes: all permissions have some/all of these values.
- permissionName: can be very lengthy, typically contains an action verb; acts as unique identifier.
- displayName: what appears in the UI (permission picker plugin); required if a visible permission.
- Description
- subPermissions: cluster of more granular permissions; cannot be discerned in UI
- visible: dictates whether it appears in the UI (permission picker plugin); only about 10% of all permissions appear in UI unless developer setting has been flipped to show hidden permissions.
- Note: showing invisible permissions can wreak havoc on user functionality in FOLIO due to sheer volume – UI not meant to handle that – but you can turn on to poke around test
- Permissions v. permission sets
- Confusing concept/terminology
- Don’t worry about the difference; people tend to use terms interchangeably.
- Use permission sets explicitly when talking about building in user settings.
- Some institutions are worried about sub-permissions.
- Questions & discussion:
- Andrea L.: So how do we find what sub-permissions are assigned?
- Github – even showing invisible permissions in UI does not show sub-permissions.
- Amelia S.: If there is no specified "visible" field is the value is assumed false?
- Correct; there needs to be an explicit true for the permission to display in the UI.
- Mark C.: Has there been any thought given to delivering FOLIO with default permission sets?
- One possibility is to gather from Snapshot
- Some ERM libraries and early adopters shared their permissions sets on the Wiki: https://folio-org.atlassian.net/wiki/display/FOLIOtips/Sample+Permissions+Sets+from+Implementing+Institutions
- How are permissions managed upgrade to upgrade?
- Adding functionality in Iris to migrate built in permissions to address changes/deprecation.
- Does not help with new permissions, but new permissions should be documented by POs in release notes for each version.
- Anya: How do we rectify dependent permissions? E.g. if you need inventory permissions for courses, what is the “rippling” impact?
- com/folio-org
- If a module has mod- prefix, typically back-end (usually hidden permissions)
- If a module has ui-prefix, typically front-end (usually visible permissions)
- Courses had both a mod- and a ui- module
- Look in package.json (sometimes names differently)
- Has lots of information about permission sets and sub-permissions and when those overlap between apps
- Need to have communication between practitioners and developers to have a permission set that reflects the need/desired behavior while working within the bounds of what FOLIO allows.
- Erin: What kind of documentation do we want/need for permissions?
- Role-based permission set advisory
- Descriptions displayed in tool-tip – helpful for many things in FOLIO
- Name, description, sub-permissions, visibility included in documentation
- Erin showed spreadsheet maintained by POs. Might not be super accessible, but could be adapted for a better format with PO buy-in and consultation with Marcia.
- Keeping this up to date and more visible is a good interim solution
- David: More inclined to be generous with permissions if system logging of operator actions is improved.
- g. not just logging renewals, but logging operator of a due date change.
- Circulation log may help bridge that gap with RA-related actions
- Are there permissions that are missing that are required by your institution?
- Permission restrictions when off duty.
- Would need to be facilitated by hosting provider based on location, rather than schedule.
- IP or VPN restriction – depends on campus configuration
- 2 factor authentication setup
- Restrictions by service points were discussed but have not gained momentum.
- Permission restrictions when off duty.
- Andrea L.: So how do we find what sub-permissions are assigned?
- Please add topics for Thursday's meeting. We will be discussing documentation but would like more granular topics.