Define roles and security rules so that a user can be assigned appropriate privileges
Action Items
Get approval from Bonnie
Overview
Define privileges for KB roles for users and groups so that KB users have the privileges needed, no unneeded privileges, and no information they don't. Implementation will be a separate issue.
Action Items
Review Detail Section
Decide on which user fields are needed by KB users that will be displayed on the documents.
Details Draft
There will be an API kb/user. The API will enforce user security based on PD roles that start with kb. The roles will be seeded into the existing Django roles table.
Terminology: A contributor is a People Depot user with the kb-contributor role. The API will be secured using Django roles. Below are the Django roles and what a
name
linked in
website
Row Level Privileges
kb-nonpriv: user that can be associated with a document but has no privileges
no privilege
kb-viewer: user that can view all information but has no privileges
PD: can view up to date level 1 fields of a PD user and roles
can view all KB info
kb-contributor
PD: can view up to date level 1 fields of a PD user and roles
can view all KB info
can create a document
can assign themselves to a document
can update documents to which they are assigned
kb-docadmin
PD: can view up to date level 1 fields of a PD user and roles for users with a kb role
can view all KB info
can create, read, and update all documents
can assign and deassign any contributor to a document. Some contributors may be Hack4LA users.
can update all documents
kb-admin
PD: can view up to date level 1 fields of a PD user and roles for users with a kb role
can view all KB info
can create, read, and update all documents
can assign and deassign any contributor to a document. Some contributors may be Hack4LA users.
can create, read, and update all kb info (e.g.: topic area) that is not sourced from PD (e.g., users, roles, practice areas, and topic areas)
Below this is specified in table format.
| Role | Users | Assign Yourself | View All KB Info | Self Assign | Update assigned document | Update all documents and assignments |
| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
| kb-viewer | X | | | | | |
| kb-contributor | | | | | | |
| kb-docadmin | X | X | | | | |
| kb-poweuser | X | X | X | | | |
| kb-admin | X | X | X | X | X | X | X |
Field Level Privileges
Read: Field level read privileges are the same for all users.
Update: kb-admin and kb-useradmin can update any non-system fields that can be read except system populated fields.
Create: kb-admin can specify any non-system field they can read.
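Added example, not part of the original issue or the project's code: a deny-by-default check that encodes the row-level privileges listed above, including the object-level rules for kb-contributor. The role names come from the issue; the action names, the `Doc` class, the `can()` function and the sample user names are assumptions made for illustration.

```python
# Added illustration of the row-level rules in this issue (not project code).
# Role names are from the issue; action names, Doc and can() are hypothetical.
from dataclasses import dataclass, field

# Actions a role may perform on ANY document or KB record.
GLOBAL = {
    "kb-nonpriv": set(),
    "kb-viewer": {"view"},
    "kb-contributor": {"view", "create"},
    "kb-docadmin": {"view", "create", "update", "assign", "deassign"},
    "kb-admin": {"view", "create", "update", "assign", "deassign",
                 "update_kb_info"},
}


@dataclass
class Doc:
    # User names currently assigned to the document.
    assignees: set = field(default_factory=set)


def can(user, roles, action, doc=None, target=None):
    """Return True only when a known kb role explicitly grants the action."""
    # Roles missing from GLOBAL grant nothing, even if they start with "kb-".
    kb_roles = [r for r in roles if r in GLOBAL]
    if any(action in GLOBAL[r] for r in kb_roles):
        return True
    # Object-level rules: a contributor may update only documents they are
    # assigned to, and may assign only themselves.
    if "kb-contributor" in kb_roles and doc is not None:
        if action == "update":
            return user in doc.assignees
        if action == "assign":
            return target == user
    # Anything not granted above is denied (e.g. contributor self-deassign).
    return False


if __name__ == "__main__":
    doc = Doc(assignees={"ana"})  # constructed sample data
    print(can("ana", ["kb-contributor"], "update", doc))  # assigned
    print(can("bo", ["kb-contributor"], "update", doc))   # not assigned
```

The check does not verify that the target of an assignment by kb-docadmin or kb-admin actually holds the kb-contributor role; that lookup would be needed to match the "any contributor" wording.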