2019-03-27 User Management Meeting Notes

For those writing their own code to attach permissions to users in a batch way, by users’ 15-digit UUID - whereas it's far more convenient to identify people by NetID etc - more intuitive and still unique. Should we advocate for having FOLIO developers implement a bridge allowing us to look up a user (or code up a user) programmatically by the name or user-friendly IDs we know, rather than having to search for their 15-digit UUIDs? Maura has been writing custom code to assign permissions to users, and others on the project have as well. The code goes to the Users module to look up users by name, then pull the UUID to assign / list permissions etc. via the Permissions module. Should the Project code up something canonical for us in the Permissions module?  Phil will follow up with Cornellians on other FOLIO SIGs to see if this is also being discussed elsewhere.

The general consensus was that it's worth pursuing this.

• Some UI elements need improvements. The user auto-complete field risks showing too much data insecurely. Users can change each other’s profiles and even prevent each other from logging in! Should be captured in JIRA tickets. User names should not be editable, at least not the users loaded through automated feeds. Could be handled through permissions management - only admins could do it; maybe allow wider scope for creating new users rather than updating their accounts. Need to think about deletions too. Discussion of configurability of full-on admin permissions by institution / instance of FOLIO (with regard to changing user profile information).
• Discussion of case-sensitivity and its consistency in login names, and having user names as FOLIO user accounts vs patrons - staff account expiry dates (such as student workers / temps) vs patrons. Possible discussion point next week.