Role-based Access

Power User

Delete, Rename, Update BIE owned by others
Delete, Rename, Update Published BIEs
- For example, when reusing BIE. Even though still experimenting with BIE, it has to be published first to be reused. But later may need to modify or delete that BIE b/c it is not good enough yet.
Update State from Published to Candidate, Edit

Admin Role should be able to inactivate users, reassign BIEs from inactive user to another user

This page is the role from the Express pack perspective. https://oagiscore.atlassian.net/wiki/spaces/SWG/pages/793837626

Score 2.x Enhancement related to role-based access.

For End user on End User BIE

Note that BIE in the table below means end user BIE and includes end user code lists.

Role\Functionality	Read Production BIE	Copy BIE	Read & Copy non-Production BIE	Create/Edit BIE Not in Production State	Edit BIE in Production State	Express BIE (when in appropriate state and ownership)	Discard owned WIP BIE	Discard Production BIE, even unowned (orphaned BIE)	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Uplifting BIE (that he can read)	Extend BIE globally

Role\Functionality	Read Production BIE	Copy BIE	Read & Copy non-Production BIE	Create/Edit BIE Not in Production State	Edit BIE in Production State	Express BIE (when in appropriate state and ownership)	Discard owned WIP BIE	Discard Production BIE, even unowned (orphaned BIE)	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Uplifting BIE (that he can read)	Extend BIE globally
Public End User Role: Require login	Y (Maybe allow Architect End User to configure what BIEs are readable)	N	N	N	N	Y	N	N	N	N	N	N
Enterprise End User Role	Y	Y	Y	Y	N	Y	Y	N	Y	N	Y	N
Architect/Admin End User Role	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y

Focus on the Enterprise End User and Architect End User Roles for now.

For End User on End User CC

Role\Functionality	Read CC in production	Read CC in non-production	Create/Edit CC Not in Production State	Amend CC	Delete owned WIP CC	Restore deleted CC	Purge deleted CC	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Uplifting CC or code list (that he can read)	Namespace Management

Role\Functionality	Read CC in production	Read CC in non-production	Create/Edit CC Not in Production State	Amend CC	Delete owned WIP CC	Restore deleted CC	Purge deleted CC	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Uplifting CC or code list (that he can read)
Public End User Role: Require login	Y	N	N	N	N	N	N	N	N	N
Enterprise End User Role	Y	Y	Y	Y	Y	Y	N	Y	N	Y
Architect End User Role	Y		Y	Y	Y	Y	Y	Y	Y	Y

For End User on Developer/Standard BIE

This is more relevant to the use case where Express Pack is developed on the develop instance, pushed out to the oagiscore instance. What we want to allow the end user role on the oagiscore instance to be able to do with developer’s BIE.

Role\Functionality	Read Developer BIE in Production	Copy Developer BIE Production => New BIE becomes End User BIE	Express developer BIE	Uplifting Developer BIE => New BIE becomes End User BIE	Read & Copy non-Production BIE	Create/Edit BIE Not in Production State	Edit BIE in Production State	Express BIE (when in appropriate state and ownership)	Discard owned, WIP BIE	Discard Production BIE, even unowned	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Uplifting BIE (that he can read)	Extend BIE globally

Role\Functionality	Read Developer BIE in Production	Copy Developer BIE Production => New BIE becomes End User BIE	Express developer BIE	Uplifting Developer BIE => New BIE becomes End User BIE	Read & Copy non-Production BIE	Create/Edit BIE Not in Production State	Edit BIE in Production State	Express BIE (when in appropriate state and ownership)	Discard owned, WIP BIE	Discard Production BIE, even unowned	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Uplifting BIE (that he can read)	Extend BIE globally
Public User Role: Require login	Y (Maybe allow Admin/Architect Developer to configure what BIEs are readable)	N	Y	N	N	N	N	N	N	N	N	N	N	N
Enterprise End User Role	Y	Y	Y	Y	Y	Y	N	Y	Y	N	Y	N	Y	N
Architect/Admin End User Role	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	N

For End User on Developer/Standard CC

All End users can only read developer CCs.

Role\Functionality	Read Published CC	Read non-pubished CC (i.e., CC in Working branch)	Create/Edit CC Not in Published state	Revise CC	Delete owned WIP CC	Restore deleted CC	Purge deleted CC	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Release Management	Module Management	CC Expression

Role\Functionality	Read Published CC	Read non-pubished CC (i.e., CC in Working branch)	Create/Edit CC Not in Published state	Revise CC	Delete owned WIP CC	Restore deleted CC	Purge deleted CC	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Release Management	Module Management	CC Expression
Public End User Role	N	N	N	N	N	N	N	N	N	N	N	N
Enterprise End User Role	Y	Y	N	N	N	N	N	N	N	N	N	N
Architect End User Role	Y	Y	N	N	N	N	N	N	N	N	N	N

For Developer on Developer/Standard BIE

Role\Functionality	Read & Copy non-Production BIE	Create/Edit BIE Not in Production State	Edit BIE in Production State	Express BIE (when in appropriate state and ownership)	Discard owned, WIP BIE	Discard Production BIE, even unowned	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Uplifting BIE (that he can read)	Extend BIE locally and globally

Role\Functionality	Read & Copy non-Production BIE	Create/Edit BIE Not in Production State	Edit BIE in Production State	Express BIE (when in appropriate state and ownership)	Discard owned, WIP BIE	Discard Production BIE, even unowned	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Uplifting BIE (that he can read)	Extend BIE locally and globally
Standard contributor	Y	Y	N	Y	Y	N	Y	N	Y	N
Standard Admin	Y	Y	Y	Y	Y	Y	Y	Y	Y	N

For Developer on Developer/Standard CC

Role\Functionality	Read Published CC	Read non-pubished CC (i.e., CC in Working branch)	Create/Edit CC Not in Published state	Revise CC	Delete owned WIP CC	Restore deleted CC	Purge deleted CC	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Release Management	Module Management	CC Expression

Role\Functionality	Read Published CC	Read non-pubished CC (i.e., CC in Working branch)	Create/Edit CC Not in Published state	Revise CC	Delete owned WIP CC	Restore deleted CC	Purge deleted CC	Transfer ownership when owned and in WIP state	Transfer ownership when not owned in any state	Release Management	Module Management	CC Expression
Standard Contributor	Y	Y	Y	Y	Y	Y	N	Y	N	N	N	Y
Standard Admin	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y

For Developer on End User BIE and CC

Developers can only read end user BIEs and CCs as it is now.

Role\Functionality	Read End user Production BIE	Copy End User BIE => becomes developer BIE and any extensions are removed	Read & Copy non-Production End User BIE	Create/Edit End user BIE Not in Production State	Edit End User BIE in Production State	Express End User BIE (when in appropriate state and ownership)	Discard Production End User BIE, even unowned (orphaned BIE)	Transfer ownership when not owned in any state	Uplifting End User BIE (that he can read)

Role\Functionality	Read End user Production BIE	Copy End User BIE => becomes developer BIE and any extensions are removed	Read & Copy non-Production End User BIE	Create/Edit End user BIE Not in Production State	Edit End User BIE in Production State	Express End User BIE (when in appropriate state and ownership)	Discard Production End User BIE, even unowned (orphaned BIE)	Transfer ownership when not owned in any state	Uplifting End User BIE (that he can read)
Standard contributor	Y	Y	N	N	N	Y	N	N	N
Standard Admin	Y	Y	N	N	N	Y	N	N	N

connectCenter Working Group