Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Discussion

Permissions

  • Permissions can be given by role (i.e. Admin, Trainee, Trainer etc) or to an individual - - resource name
  • Policies show what they are allowed to do, if they are not expressly given access then they will not have it (everything is denied until and unless they are)
  • Need a manual trigger process where someone changes role to amend permissions
  • UI will need to
    • list of all organisations, all services, all teams, all types (check Graham’s page)
    • allow user mgmt team to allow/deny permissions by principals (people/org/team)
    • allow user mgmt team to allow/deny permissions by type (constrain sensitive)
    • list all permissions by user / user group
  • Do not expose the user management 
    • use big bucket roles
    • service names & types
  • Timestamp and name audit actions taken (view / edit)


Imports

  • admins upload bulk spreadsheet - data maps to xml document, list of trainees provided by recruitment lead
  • automatic import - send data file per trainee data
  • add within TIS - 
  • all validation rules should be consistent
  • need to ensure that data maps - 3-way


Off boarding

  • no deletion of people in the system
  • make an account inactive
  • trigger remove permissions / authentication


Passwords

  • new email format
  • send out email with temp password which they must change


Actions

  • expose currently defined roles (Graham)
  • clarify service names and types within it from Dev (IO)
  • validation rules to be reviewed defined (AP/JW)
  • consolidate user management components (IO)
  • request a view of Programmes permissions (IO)
  • define process for add/remove user (IO)

Outstanding Questions

  • how are permissions managed?
  • how are negative permissions surfaced?
  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.