Notes on RBAC and Content Libraries V2
Oct 31, 2023 @Hilary Sinkoff @Kyle McCormick
The CourseAccessRole table, which currently stores access for both courses and V1 libraries, will be replaced with CourseRole table(s).
CourseRoles can be scoped to a single course-run, or to all courses in an org, or to all courses on an instance.
These tables will actually foreign key to Organizations and CourseOverviews, so they will not work with V1 libraries (which have "course keys" but not CourseOverview entries).
They have a plan to incrementally migrate the platform from CourseAccessRole to CourseRoles.
Completion of the migration assumes that V1 libraries will be removed.
There will be a new UI for course-level CourseRoles.
This work is in progress now, but won't necessarily be complete in time for Redwood.
Org-level and instance-level CourseRoles will need to be configured via Django admin. Future work (not by 2U) on the "admin dashboard" idea could provide a UI for this.
V2 Libraries have their own existing scheme for library-level permissions.
Hilary says this is OK (good, actually) because libraries won't work on the CourseRoles table anyway.
We should be able to retrofit this system in a way that makes sense alongside what Hilary's team is doing.
We'll need to introduce the idea of org-level and instance-level LibraryV2Roles. These roles would be separate from the org-level and instance-level CourseRoles.
We don't need to do this now, but we should do it before we remove V1 libraries.
Should product find it desirable, they could link the concepts of "org-level library staff" and "org-level course staff" together at a UI level, but they will remain separate in the database.