Document new user permissioning

[ghickman]

Our medium-term goal is to automate new user provisioning and permissioning. However, in the short term, several steps require manual intervention by admins (interacting with users, establishing the permissions they should have, giving them pointers to what they can/can't do, assigning permissions, and perhaps more). And people are routinely a bit confused about the states they find themselves in (example)

Specifically, some common actions for users:

• [ ] initial onboarding/set up of a newly registered user
• [ ] setting permissions for an existing user to run jobs in an existing workspace. Also see this thread
• [ ] configuing output viewing for an existing user (mostly legacy now but still a semi-common task)
• [ ] configuring output releasing for an existing user (this is slightly different to the previous task!)
• [ ] fixing missing permissions on older Projects

The person who picks up this ticket should start by briefly reviewing all the linked discussions (more in the thread below, too), then having a chat with George to check their understanding. It probably makes sense to turn these into a series of commonly-asked questions.

Any ensuing notes should be turned into a series of FAQs or similar topic-based narrative.

Intially, we should draft these in a Google Doc. When we're pretty happy with them, we integrate the text directly into job-server, displaying a list group of them in the Staff Area index page below the current list group in the left-hand nav.

There may also be some useful background narrative generated as part of this research - planned future directions, etc. This should intially go into a google doc, and then probably turned into a series of issues (coordinate with Seb)

[sebbacon]

Given osrelease also leans on permissions, I think this thread is also relevant for consideration

[sebbacon]

Two things to clarify:

• who / what role currently does the new user permissioning?
• how about new project permissioning for existing users? Does that need its own section in the docs?

[sebbacon]

Also see discussion here (Slack) - George added a tickbox to the bullet list at the top after this discussion.

[sebbacon]

And here's another thread with people seeking clarification

[sebbacon]

@tomodwyer

FYI co-pilots have been maintaining their own documentation, which I just found here https://docs.google.com/document/d/1odediydaSJI2dwFwqgGO9lDR0HjTaCn9O9IGXAatiCc/edit

[sebbacon]

I'm also throwing in this Slack thread (where I learned about that) for the record - I don't think you necessarily need to read it @tomodwyer.

[tomodwyer]

Another Slack thread on permissions to create new organisations.

[sebbacon]

Note that when this is done, we should link to the published version(s) from our Policy

[sebbacon]

A slack thread not about permissions, but about transferring existing repos to the opensafely org

[ghickman]

Moved to the ideas bucket.