Discovery: Roles & Permissions
The user interface and API endpoints of the E-Commerce Service (Otto) need to be better secured. Presently all LMS staff users have superuser access to Otto. That configuration was acceptable while only engineers needed access to the system, but as we expand usage of the service to other parts of the organization (Support, Finance, Program Managers) we must better protect our users' personal information as well as our own financial transaction data.
The roles and permissions implementation should meet the following criteria:
- Access to data and views should require specific permissions; superuser status should not be the default grant.
- Roles, each representing a collection of permissions, should be created for each corresponding organizational role (e.g. Support, Finance, Program Manager).
- The assignment of users to roles should be maintained centrally (preferably at the auth server/LMS) rather than in Otto.
- When a user authenticates using OpenID Connect, the authentication server should send the user's list of roles so that the corresponding assignments can be made in Otto's database.
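As an added illustration of how the criteria above fit together (this is not Otto's own code, and it uses plain Python rather than a web framework's auth models), the sketch below maps an OpenID Connect claim to locally stored roles and gates views on specific permissions. The role names come from this page; the permission strings, the `roles` claim name, the issuer URL, the sample claims and all function names are assumptions for the example. It assumes the ID token's signature, audience and expiry have already been verified before the claims reach `sync_roles_from_claims`; a roles claim is only as trustworthy as that verification.

```python
"""Role sync from an OIDC claim plus permission-gated views (hypothetical example)."""
from dataclasses import dataclass, field
from functools import wraps

# Hypothetical role -> permission mapping. The page names the organizational
# roles; the permission strings are assumed for illustration.
ROLE_PERMISSIONS = {
    "support": {"order.view", "refund.create"},
    "finance": {"order.view", "report.view"},
    "program_manager": {"program.view", "program.change"},
}

# Constructed issuer URL for the trusted auth server (the LMS in this page's design).
EXPECTED_ISSUER = "https://lms.example.com"


class PermissionDenied(Exception):
    """Raised when a caller lacks the permission a view requires."""


@dataclass
class User:
    username: str
    roles: set = field(default_factory=set)
    is_superuser: bool = False

    def permissions(self) -> set:
        """Union of the permissions granted by every role the user holds."""
        perms = set()
        for role in self.roles:
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms

    def has_perm(self, perm: str) -> bool:
        return perm in self.permissions()


def sync_roles_from_claims(user: User, claims: dict, issuer: str = EXPECTED_ISSUER) -> set:
    """Replace the user's local roles with those asserted by the auth server.

    Assumes the ID token carrying `claims` was already signature/audience/expiry
    checked. Roles missing from the claim are revoked locally, so the auth server
    stays authoritative; unrecognised role names are dropped and returned so the
    caller can log them. Superuser status is cleared because the page's goal is to
    stop granting it by default.
    """
    if claims.get("iss") != issuer:
        raise ValueError("ID token issuer is not the trusted auth server")
    claimed = claims.get("roles", [])
    if not isinstance(claimed, list) or not all(isinstance(r, str) for r in claimed):
        raise ValueError("roles claim must be a list of strings")
    recognised = {r for r in claimed if r in ROLE_PERMISSIONS}
    unrecognised = set(claimed) - recognised
    user.roles = recognised
    user.is_superuser = False
    return unrecognised


def permission_required(perm: str):
    """Decorator that refuses to run a view unless the user holds `perm`."""
    def decorator(view):
        @wraps(view)
        def wrapped(user: User, *args, **kwargs):
            if not user.has_perm(perm):
                raise PermissionDenied(f"{user.username} lacks {perm}")
            return view(user, *args, **kwargs)
        return wrapped
    return decorator


@permission_required("refund.create")
def create_refund(user: User, order_number: str) -> str:
    return f"refund created for {order_number} by {user.username}"


@permission_required("report.view")
def view_report(user: User) -> str:
    return f"finance report for {user.username}"


if __name__ == "__main__":
    # Constructed claims: a former superuser now asserted by the LMS as Support only.
    alice = User("alice", roles={"finance"}, is_superuser=True)
    dropped = sync_roles_from_claims(
        alice, {"iss": EXPECTED_ISSUER, "sub": "alice", "roles": ["support", "legacy_admin"]}
    )
    print("dropped unknown roles:", dropped)
    print(create_refund(alice, "EDX-1001"))
    try:
        view_report(alice)
    except PermissionDenied as exc:
        print("denied:", exc)
```

The important behaviour is that login overwrites rather than merges: a role the auth server no longer asserts disappears from Otto on the next authentication, and a local superuser flag does not survive the sync. Any roles the auth server sends that Otto does not know about are returned rather than silently stored, so a mismatch between the two systems shows up in logs instead of as a permission gap.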