Closed yasima-csiro closed 3 months ago
Thanks Bruce. I was thinking that biosecurity admin may want to search users with email first before creating users.
@sbearcsiro @sat01a WDYT?
Following the discussion with Sathish, it was decided to remove the list/search user permission for the ROLE_BIOSECURITY_ADMIN role.
Thanks Yasima
@brucehyslop I addressed the review comments. Would you be able to check? Thanks.
This looks good, but I wonder if we shouldn't name the role after the capability (i.e. ROLE_USER_CREATOR) rather than the client application, so that we can give this ability to other apps without giving the user biosecurity admin or making a code change?
I like this suggestion, @qifeng-bai and @yasima-csiro ?
(@qifeng-bai - Alerts needs to reflect this) (cc: @kylie-m )
I am ok with that.
@yasima-csiro ROLE_BIOSECURITY_ADMIN is for Biosecurity admins to subscribe Biosecurity query and manage subscribers of Biosecurity ONLY
ROLE_USER_CREATOR is more general. To me, the role is for user creation?
Thanks Bai. Yes, the ROLE_USER_CREATOR role is permitted only to create users. I am happy to use this role in userdetails to make it reusable and not to tie it to the alerts app.
In that case, Biosecurity admins should have both roles - ROLE_BIOSECURITY_ADMIN and ROLE_USER_CREATOR to manage biosecurity alerts and create users in userdetails.
WDYT @sbearcsiro @sat01a @qifeng-bai @brucehyslop ?
Yes agreed Yasima. @kylie-m will make a note of these new roles.
Draft documentation now on Confluence pages:
It looks like the changes allow users with the ROLE_BIOSECURITY_ADMIN role to list all users. Should biosecurity admin users be able to view all user details? If not, we could put the "New User" on the admin page or prevent the listing (empty user list) on the find user page.