Notes on RBAC and Content Libraries V2

Owned by Kyle McCormick
Oct 31, 2023
1 min read

Oct 31, 2023 @Hilary Sinkoff @Kyle McCormick

  • The CourseAccessRole table, which currently stores both access for courses and V1 libraries, will be replaced with CourseRole table(s).

    • CourseRoles can be scoped to a single course-run, or to all courses in an org, or to all course on an instance.

    • These tables will actually foreign key to Organizations and CourseOverviews, so they will not work with V1 libraries (which have "course keys" but not CourseOverview entries).

    • They have a plan to incrementally migrate the platform from CourseAccessRole to CourseRoles.

    • Completion of the migration assumes that V1 libraries will be removed.

    • There will be a new UI for course-level CourseRoles.

    • This work is in progress now, but won't necessarily be complete in time for Redwood.

    • Org-level and instance-level CourseRoles will need to be configured via Django admin. Future work (not by 2U) on the "admin dashboard" idea could provide a UI for this.

  • V2 Libraries have their own existing scheme for library-level permissions.

    • Hilary says this is OK (good, actually) because libraries won't work on the CourseRoles table anyway.

    • We should be able to retrofit this system in a way that makes sense alongside what Hilary's team is doing.

    • We'll need to introduce the idea of org-level and instance-level LibraryV2Roles. These roles would be separate from the org-level and instance-level CourseRoles.

      • We don't need to do this now, but we should do it before we remove V1 libraries.

    • Should product find it desirable, they could link the concepts of "org-level library staff" and "org-level course staff" together at a UI level, but they will remain separate in the database.