...
We have been looking at three related pieces of work:

1. Refactoring our account system to separate participants and administrative users;
2. Implementing more flexible role-based security over domain objects (like studies);
3. Allowing users to be assigned to multiple organizations.

In brief, these are mostly separate pieces of work, but we believe #1 should happen before further integration with Synapse or any external accounts management system, and #2 should happen before #3, so we don’t have to add functionality to organizations that we would just then remove.
Separate participant and administrative account management
The business logic behind participant accounts has always been substantial (verification, consent, anonymization), but recently our requirements for administrative accounts have grown as well. Currently, the logic for both kinds of accounts is intermixed, which makes any additional work on either kind of account riskier than it needs to be.
Here are the current dependencies between our accounts, authorization, and consent classes:
...