More granularity in user roles from patron type #400

Closed
kenoir opened this issue Feb 6, 2024 · 8 comments
@kenoir
Contributor

kenoir commented Feb 6, 2024

In order to better distinguish user roles when offering access to restricted images we should:

- Update our mapping from patron type to role to be more granular:
  https://github.com/wellcomecollection/identity/blob/main/packages/shared/sierra-client/src/patron.ts#L29

We think the user data will get updated the next time someone logs in; we should confirm this is the case. If so, we can decide how to map the patron type to role on our side and communicate the appropriate role-to-role mapping in the style of the example in this RFC: https://github.com/dlcs/protagonist/blob/main/docs/rfcs/008-more-access-control-oidc-oauth.md#role-provider---oidc

Part of: wellcomecollection/platform#5747

See: https://wellcome.slack.com/archives/CBT40CMKQ/p1707148320736249

And: https://wellcome.slack.com/archives/C06P577NUSW/p1710260335832819

@jcateswellcome

Just moved this to the 'digital collections' board, as I think we will discuss in our planning session. I'd like to have this resolved this quarter, I think, as it relates to work in the previous quarter and the Digirati work package.

@jamieparkinson
Contributor

I believe this will also need a change to the OpenAthens config so that staff can continue to log in using wc.org as an identity provider

@kenoir
Contributor Author

kenoir commented Mar 13, 2024

> I believe this will also need a change to the OpenAthens config so that staff can continue to log in using wc.org as an identity provider

@jamieparkinson can you expand on this? I'm unsure on how a new Role here would impact the OpenAthens login?

@jcateswellcome

Collections information have confirmed they are happy with the proposed approach of adding a new patron type. I'll confirm the next steps with product lines for doing that, then we can update the mapping.

@jamieparkinson
Contributor

Missed the q above - my memory is that journal access for Wellcome staff can be via AD, but we also configured OpenAthens to map the Staff patron type so that they can log in via wc.org. That mapping also makes it so that the self-registered patron type can't access journals at all.

@jcateswellcome

Just an update that Elizabeth in product lines has started the work to create a new p type. Once I have word on progress against that then we can move this forward.

@jcateswellcome

Is part of restricted items access for staff epic
