Hyrax Permission Working Group - 2020-01-06

Attendees

Chris Colvard (Deactivated) Maria Whitaker LaRita Robinson JP Engstrom Jeremy Friesen

Minutes

We discussed the separation of groups (a collection of people) versus roles (a collection of responsibilities to perform). We also discussed the four dimensions to permissions (as identified in the permission matrix): Who can take the action on the given object in its current state? Chris identified that there may be constraints (e.g. from a given IP) that affect behavior. One off the cuff proposal, based on the ERD identified in Hydra Roles & Permissions document is that this could be done with an agent lookup module (e.g. when a request is made, find the relevant agent(s) based on lookup criteria, those are the agents that you then check permissions).

We discussed that the state dimension adds additional complexity, and would like to look at what it might look like if we didn't have that. Jeremy did mention that all objects have an implicit single state.

Homework

Review the Hydra Roles & Permissions document (which may be useful to also review the Permission Matrix). 

We are looking to answer two primary questions:

  1. Is the ERD adequate to handle the use cases?
    1. What could be removed?
    2. What is unclear and could be clarified?
    3. Can we fold state into the action? What would that mean for the state machine?
  2. What does each specific UI element look like to grant the permission identified in the Permission Matrix? That is to say "What does the UI look like to grant someone the ability to Create an Admin Set? What does the UI look like to grant someone the ability to create a work into the given Administrative Set?"

Jeremy will schedule meeting for 2020-01-13 and CC Rob Kaufman and Maria Whitaker