/
Meeting notes 2025-02-05

Meeting notes 2025-02-05

Owned by Guillermo Viedma
Feb 05, 2025
2 min read

Attendees:

  • @Dave Ormsbee (Axim)

  • @Jenna Makowski

  • @Sarina Canelake

  • @Guillermo Viedma

  • @Esteban Etcheverry

Key Discussions

Document Consolidation

  • Jenna: All revisions should be merged into a single document for clarity.

Feedback Review from Previous Core Product WG

Slides

  • Deny by Default

  • Role Stackability

  • Scoped Roles

Custom Roles

  • Jenna: Can we still create custom roles from scratch in the new approach? → Yes

Clarifying Scope Definitions

  • Dave:

    • "Organization" and "All Courses in an Organization" are not the same.

    • Example:

      • Create Course → Organization-level permission.

      • Add Content → Course-level permission.

    • Permissions for an Organization are limited, while a set of courses within an organization has more permissions.

    • If this is clear in the documentation and requirements will not be a problem, but is important to avoid ambiguity.

Course vs. Course Run

  • Course Run added as a Scope

  • Permissions at the Course Run level

  • Jenna:

    • Differentiate backend vs. frontend expectations in discussions.

    • Use consistent terminology for both audiences.

    • Similar case with organization

  • Dave:

    • Explore if there’s an umbrella term for all Course Runs of a Course.

Permission Management & Inheritance

  • New permission visibility:

    • Users should be able to see which users have certain permissions and modify them when a course rerun is created.

  • Custom Role Inheritance:

    • Sarina: No role inheritance. Instead, notify admins when new permissions are added so they can manually adjust custom roles.

    • Updates should not auto-grant new permissions (new features must be explicitly requested).

    • Dave: OK with not adding this at this stage. Check multitenancy use cases.

Role Creation Scope Limitations

  • Use cases in multitenancy

Security Risk as a Category

  • Can this be built as a plugin?

  • Tag roles per security level (each organization can define its own tags). Mention PII.

  • Provide flexibility for organizations to define security tags (Sarina).

  • Out of MVP – Consider for V2 or V3.

Centralized UI vs. Contextual UI

  • Sarina:

    • Provide an in-context link that opens the centralized roles admin panel in a new window.

    • Out of MVP – Consider for V2 or V3.

Next Steps

  1. Get feedback from Sarina and Dave.

  2. Guillermo to incorporate feedback and update the public wiki.

  3. Guillermo to review the role set.

Dave's Presentation & Findings

Technical Considerations

  • Roles should remain generic due to the nature of the learning platform.

  • Prioritize simplicity in implementation.

  • Tech gaps in the current system:

    • Other services have their own roles (e.g., Aspects).

    • LMS roles do not fully align with external services.

    • Not an MVP priority.

MVP Considerations

  • Content Libraries:

    • Could be a good MVP candidate as a standalone system.

    • Subset of courses, but use cases still evolving.

    • Exploring options for role-based access.

  • Import/Export of Roles

Libraries Work

  • Jenna:

    • To present ongoing Libraries work and new functionality planned for TEAK.

Related content

PRD Roles & Permissions
PRD Roles & Permissions
Open edX Product Management
More like this
Technical Approach: Roles and Permissions
Technical Approach: Roles and Permissions
Open edX Product Management
More like this
System Abstractions
System Abstractions
Open edX Product Management
More like this
RBAC Tech Spec
RBAC Tech Spec
Open edX Community
More like this
2025 - 1 - 28
2025 - 1 - 28
Open edX Community
More like this
Authorization
Authorization
Open edX Product Management
More like this