User Account Roles – Review and document roles, permissions, codebase vs. environments

responsible-ai-collaborative / aiid

The AI Incident Database seeks to identify, define, and catalog artificial intelligence incidents.

https://incidentdatabase.ai

Other

163 stars 34 forks source link

User Account Roles – Review and document roles, permissions, codebase vs. environments #2383

Open kepae opened 8 months ago

kepae commented 8 months ago

We should review the existing user roles in production and staging, as well as in the code. We recently saw a discrepancy in staging vs production expectations in https://github.com/responsible-ai-collaborative/aiid/pull/2359; in staging, there exist users with the role editor but in production, this role is incident_editor.

[x] Review staging vs. production discrepancies in roles, and likely migrate staging to match production.
[x] Create documentation of all roles and basic permissions. (https://github.com/responsible-ai-collaborative/aiid/pull/2403)
[ ] Confirm incident editor accounts have all necessary permissions and remove admin roles from users where no longer necessary.
- related: #2606
[x] Review and update MongoDB permissions (https://github.com/responsible-ai-collaborative/aiid/issues/1974).

Historically, https://github.com/responsible-ai-collaborative/aiid/issues/1703 proposed some of the existing roles. There's more history somewhere and I'm looking for it...

pdcp1 commented 8 months ago

Current Roles

Staging

admin
subscriber
incident_editor
editor
submitter
taxonomy_editor

Production

admin
subscriber
taxonomy_editor

pdcp1 commented 8 months ago

remove admin roles from users where no longer necessary.

@kepae Regarding this point. We currently have 19 users with admin role in Production. Most of them don't have first and last names, so it's hard to know who are they. Do you know who should keep the admin access on Production? I have my names but I would like to confirm with you before creating a migration to remove the rest.

kepae commented 7 months ago

Thanks @pdcp1! I'll review and update the current admin roles, I have a means of identifying most users. The important thing is that after the migration, the editor roles should be sufficient for their actions. Will also assign myself here.

pdcp1 commented 7 months ago

Review staging vs. production discrepancies in roles, and likely migrate staging to match production.

@kepae this item is done and merged on this PR https://github.com/responsible-ai-collaborative/aiid/pull/2401

pdcp1 commented 4 months ago

Since we closed the last item of this issue:

Confirm incident editor accounts have all necessary permissions and remove admin roles from users where no longer necessary. related: https://github.com/responsible-ai-collaborative/aiid/issues/2606

we can close it

kepae commented 4 months ago

Oops, sorry, I have to actually remove the unnecessary admin roles still and test that with editors. I'll re-open and assign to me for that last bit.

pdcp1 commented 4 months ago

Oh, sorry for closing it