...
Use Case | |
---|---|
New admin account created with a sandbox in which studies can be created/edited that are not visible to others | |
“Sandbox” can be converted to real study, with additional users in specific roles for that study | |
Study is extended by creating a new study | |
Study recruits from existing user pool into a new study | |
Add someone to a study’s administration team | |
Remove someone from a study’s administration team | |
Create similar authorization model for assessments | We should be able to expand it to other things than studies, because it seems likely we’ll encounter something else that needs finer-grained authorization. |
Assuming a generic authorization model (user → has permission → object), maybe we don’t need groups (or rather, that object could be a study and it could be a group). But we should look at other systems to see what it buys us. I think that practically, it’s difficult to grant read permissions to a group without a grouping construct (I create a new study and the system has to figure out who should be able to see it… that’s not easy with overlapping associations).

Organizations. “Teams” in Synapse impart an identical set of permissions to a project for a set of users. “Organizations” in Bridge are a scope for manipulating users and possibly also for viewing studies created by others in the organization. “Membership” in an organization could be modeled as a role that can list studies and users for the organization. You could then have more than one of these records and we could adjust what “being a member of an organization” means through the use of other roles in an organization. An organization admin, for example, has an ADMIN role that can do more with the organization itself.
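A sketch of the generic model described above (user → has permission → object), with organization membership expressed as a role, added here as an example and not taken from Bridge code. The row shape, the action names, the ADMIN action set, the one-sponsor-per-study mapping and all sample data are assumptions.

```python
from dataclasses import dataclass

# Assumed mapping of (object type, role) to allowed actions. MEMBER follows the
# page's description of the role; the ADMIN action names are hypothetical.
ROLE_ACTIONS = {
    ("organization", "MEMBER"): {"list_members", "list_studies"},
    ("organization", "ADMIN"): {"list_members", "list_studies", "edit_organization"},
}

@dataclass(frozen=True)
class Permission:
    """One row of a hypothetical permissions table: user -> role -> object."""
    user_id: str
    role: str
    object_type: str
    object_id: str

def is_allowed(perms, user_id, action, object_type, object_id):
    """Default deny: allow only if some row grants a role carrying the action."""
    return any(
        p.user_id == user_id
        and p.object_type == object_type
        and p.object_id == object_id
        and action in ROLE_ACTIONS.get((p.object_type, p.role), set())
        for p in perms
    )

def visible_studies(perms, sponsors, user_id):
    """Studies a user can list: those sponsored by any organization where the
    user holds a role that includes list_studies (memberships may overlap)."""
    return sorted(
        study for study, org in sponsors.items()
        if is_allowed(perms, user_id, "list_studies", "organization", org)
    )

# Constructed sample data, not taken from Bridge.
PERMS = [
    Permission("alice", "MEMBER", "organization", "org-a"),
    Permission("alice", "ADMIN", "organization", "org-b"),
    Permission("bob", "MEMBER", "organization", "org-b"),
]
# Assumption: each study has exactly one sponsoring organization.
SPONSORS = {"study-1": "org-a", "study-2": "org-b", "study-3": "org-c"}

if __name__ == "__main__":
    print(visible_studies(PERMS, SPONSORS, "alice"))
    print(is_allowed(PERMS, "bob", "edit_organization", "organization", "org-b"))
```

Because visibility is derived from the rows at request time, a newly created study becomes listable to every member of its sponsoring organization without any per-user grant.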
Implementation Considerations
...
We’d need to update roles in both of their representations (as part of accounts and as part of permissions), move over to authorizing requests using the permissions table, then remove the bridge code, and finally delete the AccountRoles table.
New roles
Role | For object | Description |
---|---|---|
MEMBER | Organization | Can list all members of the organization or all studies sponsored by the organization |