/
2019-06-26 User Management Meeting Notes

2019-06-26 User Management Meeting Notes

Jul 01, 2019

Meeting info

Zoom:  https://zoom.us/j/488543197

Attendees

@Maura Byrne

@Jana Freytag

@jackie.gottlieb@duke.edu (Deactivated)

@Uschi Klute

@Philip Robinson

@Annika Schröer

@Stefanie Sußmann

@Todd Wallwork

 

Goals

 

Discussion items

Time

Item

Who

Notes

Time

Item

Who

Notes

 

Use cases for teams

Group

Use cases for teams

  • Permission related:

    • Current acq use-case, have only members of a specific team edit a certain resource

  • Worflow related:

    • Assign a task not to a particular person but to a team (if someone is on vacation/sick leave/…)

  • Contact information related, this would need to have some kind of team app frontend:

    • Who is working at a specific location?

    • Who is responsible for eResources, acquisitions, etc.

 

 One user needs to be in several teams -> many to many relation

 

What would be useful for descriptive error messages

Group

Need more specifics to answer this questions. What kind of error messages?

→ Carry over to one of next meetings

 

What are templates and how would they be used?

Group

Different kinds of “templates” relevant for user-related tasks

  • user notifications: e-mail templates

  • assigning permissions (and other values?) to users when creating new records, some kind of pre-filled create form

  • provide limited views to records / limited actions:

    • Use case: Student workers helping with checkout should not be able to see patron address data

      • @Annika Schröer: It already is possible in Folio to hide information in the frontend. The data is being sent to the browser (and can be seen quite easily in the network traffic), but the FOLIO fields can be blanked out. So this is no secure solution at all but might be sufficient for some small use-cases.
        It is also possible to have the apps define distinct APIs for confidential fields, if there are not too many combinations of what people should be able to see and not see. Permissions are possible at API level.

 

Ideas to discuss around permissions

Group

Ideas to discuss around permissions

  • Function-driven permission sets like check-in media, manage agreements etc.

    • each permission set contains the atomic permissions necessary to do the task

    • permission sets can easiliy be assigned to a userjust by knowing the work he will have to do, without detailed knowledge about atomic (technical…) FOLIO permissions

  • Permissions can be assigned to teams (E-Resource team, Front desk team, team medicine campus)

    • A user can get by being member of a specific team

    • Permissions for teams plus extra permissions for single persons

  • Template with certain permissions for certain groups, vs. permissions for teams

  • Are permissions additive?

    • Should there be a possibility to assign a permission set MINUS one of them

    • Does a permission like “edit item” bring “view item” with it? What happens if “edit” is taken away and the user still should have permission to view items?

      • → Permissions should double, that would not be very clean, but an easy way to work with changing permissions