Implement field configurable security for global admin, project admin, practice area lead, and team member #346
Labels: draft (This issue is not fully-written), ethan, feature: missing, role: missing, size: missing, stakeholder: missing
Overview
Implement the ability to configure security for user fields to prevent global admin, project admin, practice area lead, and team member from having read, update, or create permissions to fields that are sensitive. These roles correspond to the adminGlobal, adminProject, practiceLead, and memberTeam permission types.
Details
This issue, when implemented, will enable specifying permissions for the /users and /me endpoints based on the role/permission type, project, and study a user is assigned to.
End points
cru_permissions.py will have a "cru" permission list for each role (global admin, project admin, practice area lead, and team member). The cru permission list will specify, for each field, whether the user can set the field when creating, read it, or update it.
Note: This issue is considered completed when the ability to configure is implemented and a permission is specified for each field for each role, even if the specification has not been verified. See issue #xxx for verifying specification.
Here is an example of cru_permissions for project lead:
Since a project admin cannot create a user, none of the fields will include a "C". Only global admin can create a record.
Technical Notes
Action Items
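One way the per-role "cru" lists described above could be laid out and enforced, as an added example that is not the project's own code. The role keys come from the issue; the field names, the CRU strings assigned to them, and the helper names are assumptions for illustration, and only the role dimension is covered (not project or study).

```python
# Added illustration, not the project's cru_permissions.py.
# Field names and the CRU values below are hypothetical.
CRU_PERMISSIONS = {
    "adminGlobal": {"uuid": "R", "first_name": "CRU", "email": "CRU",
                    "phone": "CRU", "is_active": "CRU"},
    # Project admin cannot create users, so no field carries a "C".
    "adminProject": {"uuid": "R", "first_name": "RU", "email": "R",
                     "phone": "", "is_active": "R"},
    "practiceLead": {"uuid": "R", "first_name": "R", "email": "R"},
    "memberTeam": {"uuid": "R", "first_name": "R"},
}


class FieldPermissionError(Exception):
    """Raised when a payload touches fields the role may not write."""

    def __init__(self, fields):
        super().__init__("fields not permitted: " + ", ".join(fields))
        self.fields = fields


def allowed_fields(role, action):
    """Return the fields `role` may create ("C"), read ("R") or update ("U").

    Unknown roles and unlisted fields get nothing (deny by default).
    """
    if action not in ("C", "R", "U"):
        raise ValueError("action must be 'C', 'R' or 'U'")
    return {f for f, cru in CRU_PERMISSIONS.get(role, {}).items() if action in cru}


def filter_readable(role, record):
    """Drop every field the role may not read before serializing a user."""
    readable = allowed_fields(role, "R")
    return {k: v for k, v in record.items() if k in readable}


def check_writable(role, action, payload):
    """Reject a create/update payload outright if it names any denied field.

    Rejecting rather than silently dropping keeps mass-assignment attempts
    visible to the caller and to logs.
    """
    denied = sorted(set(payload) - allowed_fields(role, action))
    if denied:
        raise FieldPermissionError(denied)
    return dict(payload)
```

Rejecting a disallowed payload, rather than stripping fields silently, makes an attempted write to a sensitive field show up as an error that can be logged and reviewed.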