Notes on RBAC and Content Libraries V2

Oct 31, 2023 @Hilary Sinkoff @Kyle McCormick

• The CourseAccessRole table, which currently stores both access for courses and V1 libraries, will be replaced with CourseRole table(s).

  • CourseRoles can be scoped to a single course-run, or to all courses in an org, or to all course on an instance.

  • These tables will actually foreign key to Organizations and CourseOverviews, so they will not work with V1 libraries (which have "course keys" but not CourseOverview entries).

  • They have a plan to incrementally migrate the platform from CourseAccessRole to CourseRoles.

  • Completion of the migration assumes that V1 libraries will be removed.

  • There will be a new UI for course-level CourseRoles.

  • This work is in progress now, but won't necessarily be complete in time for Redwood.

  • Org-level and instance-level CourseRoles will need to be configured via Django admin. Future work (not by 2U) on the "admin dashboard" idea could provide a UI for this.

• V2 Libraries have their own existing scheme for library-level permissions.

  • Hilary says this is OK (good, actually) because libraries won't work on the CourseRoles table anyway.

  • We should be able to retrofit this system in a way that makes sense alongside what Hilary's team is doing.

  • We'll need to introduce the idea of org-level and instance-level LibraryV2Roles. These roles would be separate from the org-level and instance-level CourseRoles.

    • We don't need to do this now, but we should do it before we remove V1 libraries.

  • Should product find it desirable, they could link the concepts of "org-level library staff" and "org-level course staff" together at a UI level, but they will remain separate in the database.