Admin User Management - Workshop

Discussion

Permissions

  • Permissions can be given by role (e.g. Admin, Trainee, Trainer) or to an individual - resource name
  • Policies show what users are allowed to do; if they are not expressly given access, they will not have it (everything is denied unless and until it is granted)
  • Need a manually triggered process to amend permissions when someone changes role
  • UI will need to:
    • list all organisations, all services, all teams, all types (check Graham’s page)
    • allow user mgmt team to allow/deny permissions by principals (people/org/team)
    • allow user mgmt team to allow/deny permissions by type (constrain sensitive)
    • list all permissions by user / user group
  • Do not expose the user management 
    • use big bucket roles
    • service names & types
  • Timestamp and name audit actions taken (view / edit)
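
The default-deny model above, with allow/deny by principal and by type and a timestamped, named audit record per check, sketched as an added example (not code from the workshop or from TIS). The principal string format, the type names and the rule that an explicit deny beats any allow are assumptions; the notes leave the handling of negative permissions as an open question. Inactive accounts are refused everything, in line with the off-boarding notes.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Statement:
    effect: str         # "allow" or "deny"
    principal: str      # "user:<name>", "role:<name>" or "team:<name>" (assumed format)
    resource_type: str  # a type name, or "*" for every type
    action: str         # "view" or "edit"

@dataclass
class User:
    name: str
    roles: frozenset
    teams: frozenset = frozenset()
    active: bool = True  # off-boarding sets this to False; nothing is deleted

    def principals(self):
        return ({f"user:{self.name}"} | {f"role:{r}" for r in self.roles}
                | {f"team:{t}" for t in self.teams})

AUDIT = []  # in-memory audit trail for the example

def is_allowed(user, action, resource_type, policy):
    """Default deny. An explicit deny beats any allow (assumed precedence)."""
    decision = "deny"
    if user.active:  # inactive accounts match no statement at all
        effects = {s.effect for s in policy
                   if s.principal in user.principals() and s.action == action
                   and s.resource_type in ("*", resource_type)}
        if "allow" in effects and "deny" not in effects:
            decision = "allow"
    AUDIT.append({"when": datetime.now(timezone.utc).isoformat(),
                  "who": user.name, "action": action,
                  "type": resource_type, "decision": decision})
    return decision == "allow"

# Constructed sample policy and users
POLICY = [
    Statement("allow", "role:Admin", "*", "view"),
    Statement("allow", "role:Admin", "*", "edit"),
    Statement("allow", "role:Trainer", "Programme", "view"),
    Statement("deny", "team:external", "Sensitive", "view"),
]
alice = User("alice", frozenset({"Admin"}))
bob = User("bob", frozenset({"Trainer"}))
carol = User("carol", frozenset({"Admin"}), teams=frozenset({"external"}))
dave = User("dave", frozenset({"Admin"}), active=False)
```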


Imports

  • admins upload bulk spreadsheet - data maps to XML document; list of trainees provided by recruitment lead
  • automatic import - send data file per trainee data
  • add within TIS - 
  • all validation rules should be consistent
  • need to ensure that data maps - 3-way


Off boarding

  • no deletion of people in the system
  • make an account inactive
  • trigger remove permissions / authentication


Passwords

  • new email format
  • send out email with temp password which they must change


Actions

  • expose currently defined roles (Graham)
  • clarify service names and types within it from Dev (IO)
  • validation rules to be reviewed and defined (AP/JW)
  • consolidate user management components (IO)
  • request a view of Programmes permissions (IO)
  • define process for add/remove user (IO)

Outstanding Questions

  • how are permissions managed?
  • how are negative permissions surfaced?