Closed robrap closed 3 months ago
Here is a newer Google doc on Roles and Permissions that is a WIP at this point.
I think an Authorization OEP is a good idea, but as a project we're pretty far away from it. Adding the Discovery label to it and tagging @feanil and @ormsbee to keep in the backs of our minds as we approach the R&P work.
I'm not sure if 100% of this is covered, but it was already completed with this OEP: https://open-edx-proposals.readthedocs.io/en/latest/best-practices/oep-0066-bp-authorization.html
Ha! I only saw OEP-9 in the right sidebar listed as obsolete and didn't follow the link to OEP-66. Thanks Robert!
It would be great to have an Authorization best practice OEP that works much like OEP-4: Authentication, which is less about making decisions than being an index of ADRs, documents, and introductory text regarding our Authorization best practices.
However, at this time, those best practices may be somewhat controversial because we are lacking said document. This issue can be used to collect documentation, comments, etc. regarding this topic in preparation for some future OEP.
Here is some context of what exists today:
edx-rbac
.Provisional
status to show something aspirational.