Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify the IG action in the Leaver Checklist #4197

Closed
iaindillingham opened this issue Mar 14, 2024 · 5 comments
Closed

Clarify the IG action in the Leaver Checklist #4197

iaindillingham opened this issue Mar 14, 2024 · 5 comments
Assignees
@iaindillingham @CLStables
Labels
audit

Comments

@iaindillingham
Copy link
Member

iaindillingham commented Mar 14, 2024
edited

The Leaver Checklist contains the following IG action:

In Job Server, remove any backends, global roles and memberships to any projects

The user detail page in Job Server's staff area has a "Clear all roles" button and a "Global Roles" section, with check boxes for each of Job Server's roles (e.g. Core Developer, Interactive Reporter, Output Checker etc.). Consequently, the IG action is unclear.

@CLStables created this issue as a draft, following a Slack discussion.1 It contained two actions, which related to the Leaver Checklist and organization roles. I've created this issue from the draft, and edited it to separate the two actions into separate issues. This issue relates to the Leaver Checklist. #4198 relates to organization roles.

Footnotes

  1. https://bennettoxford.slack.com/archives/C069SADHP1Q/p1710327352827539

@iaindillingham iaindillingham changed the title Tidy up roles on Job Server Clarify the IG acton in the Leaver Checklist Mar 14, 2024
@iaindillingham iaindillingham mentioned this issue Mar 14, 2024
Open
@iaindillingham
Copy link
Member Author

iaindillingham commented Mar 14, 2024
edited

I think there are three types of roles. Listed from widest scope to narrowest scope, they are:

  1. Global (site-wide) roles
  2. Organization roles
  3. Project roles

A user's global roles are displayed in the "Global Roles" section on the user role list page in Job Server's staff area (example). They are updated either by clicking the "Clear all roles" button (which also clears their project roles) or by checking the box that corresponds to the role and clicking the "Update" button.

A user's organization roles are not displayed in Job Server's staff area (#4198).

A user's project roles are displayed in the "Projects" section on the user role list page in Job Server's staff area (example). They are updated by either clicking the "Clear all roles" button (which also clears their global roles) or clicking each project, checking the box that corresponds to the role, and clicking the "Update member" button.

Project roles are associated with project memberships. It is possible to remove (to use the language of the IG action) or to clear (to use the language of Job Server's UI) the project roles associated with a project membership by either updating or deleting the project membership. I think the project membership should be updated, not deleted. Furthermore, I think the IG action should be updated to reflect Job Server's UI.

Consequently, I think the IG action should read:

In Job Server, clear all backends and clear all roles

@LiamHart-hub
Copy link
Collaborator

I have double checked this and have tested this in a few ways, and I think to avoid confusion, it should be listed in the most obvious way.

For example, HelenCEBM has: Core Developer, Interactive Reporter, Output Checker and Project Collaborator Global roles. However, in addition to this, she also has Project Developer roles in some, not all projects, meaning the unticking of a global role doesn't remove her project roles too.

So to avoid any confusion and to guarantee full removal is met, I think the checklist should say:

In Jobserver, remove global roles, backend access, and if relevant, project roles (Project Collaborator and Developer) and membership. If roles are removed from projects, update the notes in the study (at the top of the form) detailing the removal of this user. --- or something of that nature.

@StevenMaude StevenMaude changed the title Clarify the IG acton in the Leaver Checklist Clarify the IG action in the Leaver Checklist Mar 14, 2024
@CLStables
Copy link

I think the simplest thing for now would be to change the leavers checklist to say "In Job Server, remove all backends and remove all roles for this user", and for "remove all backends" and "remove all roles" to link to step-by-step instructions on exactly which buttons to press on what pages. Those instructions should probably live nearby to this section in the team manual.

@iaindillingham
Copy link
Member Author

@LiamHart-hub and I walked through the difference between updating the roles for a membership and deleting a membership. We're going to set aside the issue of how the audit log behaves in each case, which is covered by #4201. We're going to focus on whether we want a user to be

  • listed as a member of a project
  • able to edit a project's status and status description

after the user has left. At present, we can have both/neither, but not either/or. Liam is going to discuss this with the IG team. When the IG has reached a decision, we can clarify the IG action and, if necessary, update job-server.

Liam and I also walked through the difference between global roles and project-level roles, noting that the former aren't audited but the latter are. However, this difference is orthogonal to this issue.

@LiamHart-hub
Copy link
Collaborator

@iaindillingham -Can we please make sure that Juliet has eyes on this too? For some reason I am unable to add her here @JulietUnderdown1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iaindillingham iaindillingham

@CLStables CLStables

Labels
audit
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@iaindillingham @CLStables @LiamHart-hub