yasima-csiro
commented
3 months ago Thanks Bruce. I was thinking that biosecurity admin may want to search users with email first before creating users.
@sbearcsiro @sat01a WDYT?
Closed yasima-csiro closed 3 months ago
yasima-csiro
commented
3 months ago Thanks Bruce. I was thinking that biosecurity admin may want to search users with email first before creating users.
@sbearcsiro @sat01a WDYT?
yasima-csiro
commented
3 months ago According to the discussion had with Sathish, decided to remove list/search user permission for ROLE_BIOSECURITY_ADMIN role.
sat01a
commented
3 months ago Thanks Yasima
yasima-csiro
commented
3 months ago @brucehyslop I addressed the review comments. Would you be able to check? Thanks.
sat01a
commented
3 months ago This looks good but I wonder if we shouldn't name the role after the capability (ie ROLE_USER_CREATOR) rather than the client application, so that we can give this ability to other apps without giving the user biosecurity admin or making a code change?
I like this suggestion, @qifeng-bai and @yasima-csiro ?
(@qifeng-bai - Alerts needs to reflect this) (cc: @kylie-m )
yasima-csiro
commented
3 months ago I am ok with that.
qifeng-bai
commented
3 months ago @yasima-csiro ROLE_BIOSECURITY_ADMIN is for Biosecurity admins to subscribe Biosecurity query and manage subscribers of Biosecurity ONLY
ROLE_USER_CREATOR is more general. To me, the role is for user creation?
yasima-csiro
commented
3 months ago Thanks Bai. Yes, ROLE_USER_CREATOR role is permitted only to create users. I am happy to use this role in userdetails to make it reusable and not to tight it with alerts app.
In that case, Biosecurity admins should have both roles - ROLE_BIOSECURITY_ADMIN and ROLE_USER_CREATOR to manage biosecurity alerts and create users in userdetails.
WDYT @sbearcsiro @sat01a @qifeng-bai @brucehyslop ?
sat01a
commented
3 months ago Thanks Bai. Yes, ROLE_USER_CREATOR role is permitted only to create users. I am happy to use this role in userdetails to make it reusable and not to tight it with alerts app.
In that case, Biosecurity admins should have both roles - ROLE_BIOSECURITY_ADMIN and ROLE_USER_CREATOR to manage biosecurity alerts and create users in userdetails.
WDYT @sbearcsiro @sat01a @qifeng-bai @brucehyslop ?
Yes agreed Yasima. @kylie-m will make a note of these new roles.
kylie-m
commented
3 months ago Draft documentation now on Confluence pages:
It looks like the changes allows users with the
ROLE_BIOSECURITY_ADMINrole to list all users.Should biosecurity admin uses be able to view all user details? If not we could put the "New User" on the admin page or prevent the listing (empty user list) on the find user page.