Open tmfrnz opened 11 months ago
Additional info:
- can we limit Contributors and Managers to specific treaty bodies only (then just Contributor or Visitor/Guest to all other content?) instead of Managers being able to edit all treaty bodies. Do we also remove user administration from Manager role?
can use the user_categories
table to assign users with treaty bodies (that are stored as categories), then limit users' editing privileges to recommendations, actions and indicators that are (directly or indirectly) linked to that category. now will either need to store the treaty body taxonomy id in config or add a e.g. needs_user_category_relationship
field to the taxonomy table
- can Managers create accounts (instead of users registering accounts then Managers granting them roles) then send link to log in (and must change password)
should not be required if using AD (#26)
- also report to monitor account with no activity. also ability to make accounts inactive without deleting them
could allow archiving of users (as part of #13)
Original requirement:
Stakeholder requirement: StR31 "Control access"
likely requires #31