/
Getting to an RBAC For Libraries MVP

Getting to an RBAC For Libraries MVP

Owned by Jenna Makowski
Last updated: Feb 20, 2025
2 min read

The platform is moving toward modularized approaches to creating and managing content. Content authors, instructional designers and subject matter experts are now able to create and manage content, learning sequences and lessons independently from creating full courses. This is accomplished via the Libraries feature.

In order to support these diversified pathways for content creation, it is likely that we will need to create one or more roles that are specific to Libraries permissions sets, but not to courses. Since we are introducing the concept of “stackable roles”, it should be possible for a user to be assigned either a library role OR a course role, or BOTH a library role and a course role(s).

The current status of Libraries permissions is described here. In today’s state, course staff with the ability to create new courses also have the ability to create new libraries (we just went with basic parity for the Libraries beta.)

As a starting hypothesis for the RBAC MVP, I suspect we will need to focus on converting these Library roles as part of the MVP:

  1. Library author

  2. Library viewer

  3. Library admin

Open product questions that need to be answered in order to define the MVP:

  1. What specific permissions must be attached to the Library Author role? To the Library viewer role? To the Library admin role?

  2. Do we need other Library-specific roles? Any net-new roles?

  3. Is Library viewer a role? Or is “view libraries” simply a permission that gets added to other roles?

  4. What is the full range of Library permissions? These need to be articulated and defined.

  5. There is Library cross-over with courses, in that course authors can access libraries in order to choose content for reuse in their courses (this is all done via pop-up modals from within a course). Should course staff be able to access library content for reuse in a course, if they do not have a role in that library? Is this accomplished with a permission added to course staff roles that grants them the ability to reuse library content? Is this an “out of the box” addition to course roles? How do we handle this in the context of an MVP that is not touching course roles yet.

  6. Can Library roles be assigned from within libraries? What does that UI look like? Thread here.

  7. ???

 

An “in-context” user management UI (in a Libraries RBAC MVP):

Assuming we built a per-library user management experience:

  1. Users can see a list of all team members for that particular library (ie anyone who has read or write (or admin?) access to that library, and the roles assigned)

  2. Users with requisite permissions (TBD in the product specs) can assign users roles within that Library, but role assignment does not bleed out beyond that Library (ie, cannot assign that user a role in a course)

(Next steps: We’ll need to get a few user interviews set up.)

 

Related content

Notes on RBAC and Content Libraries V2
Notes on RBAC and Content Libraries V2
Open edX Community
More like this
Meeting notes 2025-02-05
Meeting notes 2025-02-05
Open edX Product Management
More like this
RBAC Tech Spec
RBAC Tech Spec
Open edX Community
More like this
System Abstractions
System Abstractions
Open edX Product Management
More like this
PRD Roles & Permissions
PRD Roles & Permissions
Open edX Product Management
More like this
Technical Approach: Roles and Permissions
Technical Approach: Roles and Permissions
Open edX Product Management
More like this