Theme

Roles & Permissions

Written by

in

Situation

The CRM has a role-based permission system, that is limited to a handful of roles.

Complication

There are employees that don’t fit the roles due to their responsibilities. Examples are employees that switch their role and in new locations like Munich.

Additionally, substitutions are a problem, as collogues take responsibilities instead of BMs / head ofs.

Solutions

Solution 1: Extension

We extend the  current role system to include a couple more and other edge cases need to adapt.

Requirements for estimation:

  • Collect & define additional roles

  • Hierarchy and inheritance rules for roles

Solution 2: Permission-based

We refactor the role-based system to a permission-based system that bundles permissions in roles.

Expectation: Add new role in 2 hours.

Requirements for estimation:

  • Detailed description of new permissions

  • We still have inheritance (e.g. BM / Head Of) / Concept of team

  • List of problems to solve

  • Provide list of examples of edge cases

Requirements

  • Staff can add a temporary replacement in cases of sick leave, vacation or parting with Rocken.

    • The user then has the unavailable persons tasks and responsibilities on top of their current ones

    • Decide if replacements can be only done on same level (team member, tl, bm) or only within team/unit.

  • Team leads can see what their team is working on and make corrections if needed. Problems are escalated to the team lead.

    • Actions are logged with the ID of the team lead

    • Team leads are informed if processes take too long (e.g. > 1 week).

  • Business Managers can see what their business unit is working on and make corrections if needed. Problems are escalated to BM.

    • Actions are logged with the ID of the BM

    • BMs are informed if processes take too long (e.g. >2 weeks).

Sensitive Data / Actions / Views / Areas

  • tbd – Go through all REST calls

Considerations

  • How do we introduce changes to role definitions and/or responsibilities? Think of introducting a new “model of working”.

  • How does the concept of hierarchy work in relation to replacements?

  • Can people perform actions “in the name of” a person in the context of a replacement or as part of managment tasks?

  • Assigning multiple roles can lead to problems.

  • How to cache / store active role?

  • Consider allowing permisssions per user instead of roles. Treat roles as templates.

Comments

Leave a Reply

More posts