Development questions for specifications of row and field security

[ethanstrominger]

Overview

Identify security so that users only see what is applicable to them.

Action Items

• ReviewField Security Spreadsheet for accuracy of user table. Current version says only AdminVrms can view or update most fields. It also leaves out some fields that are part of the user table.
• Review user functional security requirements Wikis
• For each table, specify lowest role that can view or update a row and which fields can be specified. If different for different levels, specify that level as well.
• For each table, specify lowest view that can create a record and the field security.

Tables with row security

Any tables related to events are likely
cancelled_event
check_in
event

Tables related to users

user
cancelled_event (under review)
check_in
permission_assignment
permission_history
user
user_availability
user_check
user_employment_change
win

Tables related to projects

Note: Project itself does not need row level privileges.
leadership_type
project_status_history
any tables related to events are likely
cancelled_event
check_in
event

[ExperimentsInHonesty]

The constants.py file has the table permissions by user type https://github.com/hackforla/peopledepot/pull/308/files#diff-96652a08f40223957a22902bea632c87864087286aa1644fd3b4d4bc08e64c56