Discovery: Roles & Permissions
The user interface and API endpoints of the E-Commerce Service (Otto) need to be better secured. Presently all LMS staff users have superuser access to Otto. This configuration worked well when only engineers needed access to the system. However, as we expand usage of the service to other members of the organization (Support, Finance, Program Managers), we must better protect our users' personal information as well as our own financial transaction data; a staff flag on the LMS should no longer translate into unrestricted access in Otto.
The roles and permissions implementation should meet the following criteria:
- Access to data/views should require specific permissions.
- Roles, representing a collection of permissions, should be created for each corresponding organizational role (e.g. Support, Finance, Program Manager).
- The assignment of users to roles should be centrally maintained (preferably at an auth server/LMS).
- When a user authenticates using OpenID Connect, the authentication server should send the user's list of roles so that appropriate assignments can be made in Otto's database.
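The following is an added illustration of the four criteria above, not code from Otto or the edX platform. It assumes a hypothetical ID-token claim named `roles`, a hypothetical role-to-permission table, and simple in-memory objects in place of Django models. It shows the shape of the intended behaviour: roles are synced from the authentication server on every login (so a role removed centrally is removed locally), unknown roles are dropped rather than trusted, a missing claim yields no permissions, and access is denied by default regardless of the LMS staff flag.

```python
"""Added example: sync OIDC roles into a local user and gate access by permission.

Claim name, role names and permission names are assumptions for illustration,
not Otto's real configuration.
"""
from dataclasses import dataclass, field
from functools import wraps


class PermissionDenied(Exception):
    """Raised when a user lacks the permission a view requires."""


# Hypothetical role -> permission table. Roles mirror organizational roles;
# permissions are fine-grained actions on data/views (criteria 1 and 2).
ROLE_PERMISSIONS = {
    "support": {"order.view", "refund.view"},
    "finance": {"order.view", "refund.view", "refund.create", "report.financial"},
    "program_manager": {"course.view", "course.edit"},
}


@dataclass
class User:
    """Minimal stand-in for Otto's user record."""
    username: str
    is_staff: bool = False          # LMS staff flag; intentionally grants nothing here
    roles: set = field(default_factory=set)


def sync_roles_from_claims(user, claims):
    """Replace the user's local roles with the ones asserted by the auth server.

    The claim is assumed to be a list under the key 'roles' (criterion 4).
    Roles not in ROLE_PERMISSIONS are ignored; a missing or malformed claim
    leaves the user with no roles. Returns (accepted, rejected) for audit logging.
    """
    raw = claims.get("roles", [])
    if not isinstance(raw, list):
        raw = []
    accepted = {r for r in raw if isinstance(r, str) and r in ROLE_PERMISSIONS}
    rejected = [r for r in raw if r not in accepted]
    user.roles = accepted            # full replace, so centrally revoked roles disappear
    return accepted, rejected


def permissions_for(user):
    """Union of permissions granted by the user's current roles; staff flag is not consulted."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def has_permission(user, perm):
    """Deny by default: only an explicit permission grants access."""
    return perm in permissions_for(user)


def require_permission(perm):
    """Decorator for view functions; raises PermissionDenied instead of executing the view."""
    def decorator(view):
        @wraps(view)
        def wrapper(user, *args, **kwargs):
            if not has_permission(user, perm):
                raise PermissionDenied(f"{user.username} lacks {perm}")
            return view(user, *args, **kwargs)
        return wrapper
    return decorator


@require_permission("refund.create")
def create_refund_view(user, order_id):
    """Hypothetical protected view."""
    return f"refund created for {order_id} by {user.username}"


def demo():
    """Constructed login sequence: a finance user whose role is later revoked centrally."""
    user = User("alice", is_staff=True)
    # First login: constructed ID-token claims including an unknown role.
    first = sync_roles_from_claims(user, {"sub": "alice", "roles": ["finance", "wizard"]})
    allowed = has_permission(user, "refund.create")
    # Second login: the auth server no longer asserts 'finance'.
    second = sync_roles_from_claims(user, {"sub": "alice", "roles": ["support"]})
    allowed_after = has_permission(user, "refund.create")
    return first, allowed, second, allowed_after


if __name__ == "__main__":
    print(demo())
```

The important design choice is the full replacement in `sync_roles_from_claims`: merging would let a role that was revoked on the auth server linger in Otto, which defeats central assignment (criterion 3). Real deployments should also log the rejected roles so that typos in the central role list surface quickly.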