Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel7

...

We have been looking at three related pieces of work

  1. Refactoring our account system to separate participants and administrative users;

  2. Implementing more flexible role-based security over domain objects (like studies);

  3. Allowing users to be assigned to multiple organizations.

In brief, these are mostly separate pieces of work, but we believe #1 should happen before further integration with Synapse or any external accounts management system, and #2 should happen before #3, so we don’t have to add functionality to organizations that we would just then remove.

Separate participant and administrative account management

The business logic behind participant accounts has always been substantial (verification, consent, anonymization), but recently our requirements for administrative accounts have grown as well. Currently logic for both kinds of accounts is intermixed, making any additional work to either kind of account a higher risk than it needs to be.

Here are the current dependencies between our accounts, authorization, and consent classes:

...