...
- Trust users should see only the Posts and People (trainees & trainers) related to their Trust
- Trust users should be able to see the Placements and Assessments of People they can access (currently they can't see Assessments; this was acceptable)
- Trust users should NOT be able to see the sensitive data fields of People they can access (ok to see the sensitive data tab, just not the 4 fields)
- Ideally a Trust's People list will show future and past trainees as well as current (possible to also achieve past/future via reporting, without implementing in TIS)
- For clarity, Trust admins will NOT have access to the TIS Admin section, Programmes, Revalidation & Concerns
...
- Allocating all Trust administrators to a new role in Keycloak - one role for all Trust admins
- Linking a Trust Admin to their Trust - initially only one Trust
- Implementing authorisation following the existing (flawed) model as a tactical solution
- Limiting access to TIS at the top menu level - Trust Admins will only have visibility and access to People, Post and Post Programmes L1 menu items (not Programmes, Assessments, Admin)
- Limiting access to Sensitive data fields within the Sensitive data L2 menu in People - Trust Admins won't see the four sensitive data fields in People records
- Limiting access to TIS data within People and Post - the List and CRUD for both People and Posts will only show People/Posts relating to the Trust(s) of the Trust Admin
- Read-only access to Programmes and Posts, read/write access to all data visible in all People L2 tabs
We will return to re-implementing authorisation once a new design has been established to provide appropriately secure roles and permissions.
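The People and Post rules in the list above, enforced on the server side rather than only by hiding menu items, as an added example that is not TIS code. The role name `trust-admin`, the record layout and the four `sensitive_*` field names are assumptions; the page does not name them.

```python
from dataclasses import dataclass

TRUST_ADMIN_ROLE = "trust-admin"  # assumed name for the single Keycloak role
# Placeholders: the page does not name the four sensitive People fields.
SENSITIVE_FIELDS = frozenset({"sensitive_1", "sensitive_2", "sensitive_3", "sensitive_4"})
# Actions a Trust Admin may perform, per the list above (People R/W, Posts read-only).
PERMISSIONS = {"people": {"read", "write"}, "posts": {"read"}}

@dataclass(frozen=True)
class User:
    roles: frozenset
    trust_ids: frozenset  # Trust(s) linked to the admin; initially exactly one

def require(user, resource, action):
    """Deny by default: only the Trust Admin role and listed actions pass."""
    if TRUST_ADMIN_ROLE not in user.roles or action not in PERMISSIONS.get(resource, ()):
        raise PermissionError(f"{action} on {resource} denied")

def list_records(user, resource, records):
    """Return only records for the user's Trust(s), minus sensitive fields."""
    require(user, resource, "read")
    return [{k: v for k, v in r.items() if k not in SENSITIVE_FIELDS}
            for r in records if r["trust_id"] in user.trust_ids]

def update_person(user, person, changes):
    """Apply changes to a Person in the user's Trust; hidden fields are not writable."""
    require(user, "people", "write")
    if person["trust_id"] not in user.trust_ids:
        raise PermissionError("person belongs to another Trust")
    blocked = changes.keys() & SENSITIVE_FIELDS
    if blocked:
        raise PermissionError(f"fields not writable: {sorted(blocked)}")
    return {**person, **changes}

# Constructed sample data (not from TIS).
PEOPLE = [
    {"id": 1, "trust_id": "T1", "surname": "Adams", "sensitive_1": "x"},
    {"id": 2, "trust_id": "T2", "surname": "Brown", "sensitive_1": "y"},
]
POSTS = [{"id": 10, "trust_id": "T1"}, {"id": 11, "trust_id": "T2"}]
ADMIN_T1 = User(frozenset({TRUST_ADMIN_ROLE}), frozenset({"T1"}))

if __name__ == "__main__":
    print(list_records(ADMIN_T1, "people", PEOPLE))
    print(list_records(ADMIN_T1, "posts", POSTS))
```

Because the filter and the field redaction run where the data is read and written, a request that bypasses the menu still returns only the admin's own Trust and never the sensitive fields.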
...