...
- Allocating all Trust administrators to a new role in Keycloak - one role for all Trust admins
- Linking a Trust Admin to their Trust - initially only one Trust
- Implementing authorisation following the existing (flawed) model as a tactical solution
- Limiting access to TIS at the top menu level - Trust Admins will only have visibility and access to People and Post L1 menu items (not Programmes, Assessments, Admin)
- Limiting access to Sensitive data fields within the Sensitive data L2 menu in People - Trust Admins won't see the four sensitive data fields in People records
- Limiting access to TIS data within People and Post - the List and CRUD for both People and Posts will only show People/Posts relating to the Trust(s) of the Trust Admin
...
Implement standard permission constraints in the Front End to limit the 'HEE Trust Admin' role to only the People and Posts L1 menu items. This role should also NOT be able to see sensitive data.
Limiting access to Sensitive Data Fields
Implement standard permission constraints in the Front End so that the 'HEE Trust Admin' role does not see the 4 Sensitive Data fields that are already hidden from standard HEE Admins.
Limiting access to TIS records within People and Posts
...
Trust ID can be established by navigating from a Person's Placements to each Placement's Post, to its Site, to its Trust. Because we expect this to be too slow to perform in real time, we're suggesting a PersonTrust table linking a PersonID to a TrustID - 1:many (1 Person can be in many Trusts).
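A sketch of the PersonTrust approach described above, added here as an illustration and not taken from the TIS code base: the Placement, Post, Site, Trust chain is walked once to populate PersonTrust, and the People list is then filtered by the admin's Trust(s) in the query itself. All table and column names other than PersonTrust, PersonID and TrustID are assumptions, and the rows are constructed sample data.

```python
import sqlite3

# Hypothetical minimal schema; names are assumptions, not the TIS schema.
SCHEMA = """
CREATE TABLE Trust(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE Site(id INTEGER PRIMARY KEY, trustId INTEGER REFERENCES Trust(id));
CREATE TABLE Post(id INTEGER PRIMARY KEY, siteId INTEGER REFERENCES Site(id));
CREATE TABLE Person(id INTEGER PRIMARY KEY, surname TEXT);
CREATE TABLE Placement(id INTEGER PRIMARY KEY, personId INTEGER, postId INTEGER);
CREATE TABLE PersonTrust(personId INTEGER, trustId INTEGER,
                         PRIMARY KEY(personId, trustId));
"""
# Constructed sample rows: Clark has placements in both Trusts, Davis has none.
SAMPLE = """
INSERT INTO Trust VALUES (1,'Trust A'),(2,'Trust B');
INSERT INTO Site VALUES (10,1),(20,2);
INSERT INTO Post VALUES (100,10),(200,20);
INSERT INTO Person VALUES (1,'Adams'),(2,'Baker'),(3,'Clark'),(4,'Davis');
INSERT INTO Placement VALUES (1,1,100),(2,2,200),(3,3,100),(4,3,200);
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SAMPLE)
    return db

def rebuild_person_trust(db):
    """Walk Placement -> Post -> Site -> Trust once and store the result."""
    db.execute("DELETE FROM PersonTrust")
    db.execute("""
        INSERT INTO PersonTrust(personId, trustId)
        SELECT DISTINCT pl.personId, s.trustId
        FROM Placement pl
        JOIN Post po ON po.id = pl.postId
        JOIN Site s ON s.id = po.siteId
    """)
    db.commit()

def list_people_for_admin(db, admin_trust_ids):
    """People list restricted to the admin's Trust(s), enforced in the query."""
    if not admin_trust_ids:
        return []  # no linked Trust: fail closed rather than list everyone
    marks = ",".join("?" * len(admin_trust_ids))  # bound parameters only
    rows = db.execute(
        "SELECT DISTINCT p.id, p.surname FROM Person p "
        "JOIN PersonTrust pt ON pt.personId = p.id "
        f"WHERE pt.trustId IN ({marks}) ORDER BY p.id",
        sorted(admin_trust_ids))
    return rows.fetchall()
```

PersonTrust has to be rebuilt or updated whenever a Placement, Post or Site changes, otherwise a Trust Admin keeps or lacks visibility of a Person based on stale links.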
...