30 min | Discuss UXPROD-3614 | Erin and Patty | Erin shared a slide presentation explaining the changes that needed discussion for Morning Glory. The way permissions management works in Kiwi is too broad and needs to be tightened up.
- In Lotus, developers added three permissions:
  - Perms.users.assign.mutable ("mutable" = "Permission sets" in the UI)
  - Perms.users.assign.immutable ("immutable" = "Permissions" in the UI)
  - Perms.users.assign.okapi
- The developers also added a function in Lotus where a user who was granted permission to assign or unassign permissions could not add permissions that they themselves didn't already possess.
- For Morning Glory, developers need our input on the following:
  - Are there use cases for permissions management where FOLIO users should only be able to assign permissions to other users that they already own? The SIG answered yes.
  - Are there use cases for permissions management where FOLIO users should only be able to assign locally-created permission sets to other users? The SIG answered yes.
  - Should a user be able to “Unassign all permissions” even if they include permissions that person doesn’t own? The SIG agreed with RA-SIG: this should be possible, but it should have its own permission.
- Proposed UI changes:
  - If User A needs to assign permissions to User B using the Users UI, the list that comes up should have a greyed-out checkbox for permissions that User A doesn't possess.
  - The term "Permission sets" should be changed to "Permission groups," to cut down on confusion.
- The question boils down to three options:
  - Option 1: Keep Lotus functionality as-is, and any user with permission to assign/unassign permissions can do so regardless of whether they possess those permissions themselves.
  - Option 2: The current permission named "Users: Can assign and unassign permissions to users" applies only to permissions the current user possesses. Also make the "Perms.users.assign.[mutable | immutable]" permissions visible, specifically labeling each of them as permission to add/remove permissions (or sets) the current user doesn't possess.
  - Option 3: Same as Option 2, except that the "Perms.users.assign.[mutable | immutable]" permissions are combined and made visible.
The SIG favored Option 3. Erin and Patty will write up User Stories for these functions. |