Open jcoyne opened 2 years ago
andrewjbtw
commented
2 years ago Is there a connection to workgroups? There are workgroups with "sdr-administrator" in the name that can see anything and I wonder if the ur-APO setting is connected to that.
jcoyne
commented
2 years ago @andrewjbtw the workgroup is sdr:administrator-role and that is handled completely separately. This is super confusing so I'm trying to disentangle this stuff.
See that there is only 1 result with this query: https://sul-solr-prod-a.stanford.edu/solr/argo3_prod/select?fl=id&indent=true&q.op=OR&q=apo_role_sdr-viewer_ssim%3A& and none for: https://sul-solr-prod-a.stanford.edu/solr/argo3_prod/select?fl=id&indent=true&q.op=OR&q=apo_role_person_sdr-viewer_ssim%3A&
Similarly only 1 result with this query: https://sul-solr-prod-a.stanford.edu/solr/argo3_prod/select?fl=id&indent=true&q.op=OR&q=apo_role_sdr-administrator_ssim%3A& and none for: https://sul-solr-prod-a.stanford.edu/solr/argo3_prod/select?fl=id&indent=true&q.op=OR&q=apo_role_person_sdr-administrator_ssim%3A&
Can we switch the sdr-viewer role for the dor-apo-viewer role and then retire the sdr-viewer role? If yes, we should open a new ticket in cocina-models to drop sdr-viewer from the allowed roles after remediating the UR APO.