Discussion
Permissions
- Permissions can be given by role (i.e. Admin, Trainee, Trainer etc) or to an individual - - resource name
- Policies show what they are allowed to do, if they are not expressly given access then they will not have it (everything is denied until and unless they are)
- Need a manual trigger process where someone changes role to amend permissions
- UI will need to
- list of all organisations, all services, all teams, all types (check Graham’s page)
- allow user mgmt team to allow/deny permissions by principals (people/org/team)
- allow user mgmt team to allow/deny permissions by type (constrain sensitive)
- list all permissions by user / user group
- Do not expose the user management
- use big bucket roles
- service names & types
- Timestamp and name audit actions taken (view / edit)
Imports
- admins upload bulk spreadsheet - data maps to xml document, list of trainees provided by recruitment lead
- automatic import - send data file per trainee data
- add within TIS -
- all validation rules should be consistent
- need to ensure that data maps - 3-way
Off boarding
- no deletion of people in the system
- make an account inactive
- trigger remove permissions / authentication
Passwords
- new email format
- send out email with temp password which they must change
Actions
- expose currently defined roles (Graham)
- clarify service names and types within it from Dev (IO)
- validation rules to be reviewed defined (AP/JW)
- consolidate user management components (IO)
- request a view of Programmes permissions (IO)
- define process for add/remove user (IO)
Outstanding Questions
- how are permissions managed?
- how are negative permissions surfaced?
Add Comment