Development questions for specifications of row and field security

[ethanstrominger]

Overview

Identify security so that users only see what is applicable to them.

Action Items

• [ ] ReviewField Security Spreadsheet for accuracy of user table. Current version says only AdminVrms can view or update most fields. It also leaves out some fields that are part of the user table.
• [ ] Review user functional security requirements Wikis
• [ ] For each table, specify lowest role that can view or update a row and which fields can be specified. If different for different levels, specify that level as well.
• [ ] For each table, specify lowest view that can create a record and the field security.

Tables with row security

Any tables related to events are likely cancelled_event check_in event

Tables related to users

user cancelled_event (under review) check_in permission_assignment permission_history user user_availability user_check user_employment_change win

Tables related to projects

Note: Project itself does not need row level privileges. leadership_type project_status_history any tables related to events are likely cancelled_event check_in event

[ExperimentsInHonesty]

The constants.py file has the table permissions by user type https://github.com/hackforla/peopledepot/pull/308/files#diff-96652a08f40223957a22902bea632c87864087286aa1644fd3b4d4bc08e64c56