Organisational accounts

[RichardTaylor]

A user of the bulk request feature has written to say they are planning to bring in other people to help them manage the responses to the requests they have made. They asked if there is an feature to give other users permissions to act on the set of requests.

Presumably this would work best with an organisational account - making requests in the name of an organisation - which individual members of that organisation can act on.

This is the first request for such a feature.

In other bulk request situations we've seen a number of individuals split the requesting between them; here we have a case where all the requests have been sent by one user and they're seeking help following them up.

There are potential links with #2921 but caution is needed as you wouldn't want to automatically give everyone an an organisation permission to act on a particular request.

[laurentS]

We have a similar use case for madada.fr with organizations starting work on very large batches of requests (with >50k public bodies in France, we can easily hit silly numbers, e.g. all cites and towns in France is 36k). The use case would be a handful of Pro users wanting to be able to keep an eye on each others's requests while still maintaining their own areas of responsibilities. My guess is that the ideal solution would offer something like an organisation account, with individual accounts linked to it, and all these accounts having access to all embargoed requests linked to that org (going beyond this, we get into ACL territory, and it just seems that it would be a management nightmare).

[RichardTaylor]

From a note made at https://github.com/mysociety/alaveteli/issues/285#issuecomment-881410563 :

Perhaps the concept of an organisational account with powers/access over individual user accounts could be used when one user needs accounts under different names and wants a single login? One could envisage journalists / whistleblowers who make requests under a range of pseudonyms using such an account too.

[garethrees]

FragDenStaat have just shared their beta of this – looks great!

Long screenshot…

For us to copy this we’d probably want to do some major yak shaving and improve our user profile pages (https://github.com/mysociety/alaveteli/issues/1524) given the prominence of the users in their design. I think we could come up with something with less emphasis on the user profiles though – more like the GitHub approach:

Would also be a good place to give more prominence to citations (https://github.com/mysociety/alaveteli/issues/6701)

Related to https://github.com/mysociety/alaveteli/issues/6788 – could have an organisation-scoped request game to encourage orgs with an audience to get their audience involved in classifying.

[WilliamWDTK]

I'd certainly be in favour of not making the individual users so prominent: most organisations will have another web presence where bios and nice photos can be found.

[garethrees]

Would need to consider privacy policy around PII (especially around revealing IP addresses), as lots of our phrasing uses "your", as its focused around individuals. When we're dealing with an organisational account, some of situations are less clear about their scope. Who's the account "owner" that we'd reveal PII to – is it an individual, or any responsible individual from the org, even if that differs from the particular user at the time?