#11 New User Roles-Based capabilities
The User Management Module must allow for role-based partitioning of responsibilities. These roles will include, but are not restricted to, the following:
User Admin: Users with this role can add new users and modify the personal attributes of other users within their domain, including name, username, password reset, email address, institution, phone number, address, and status (ie, deactivating a user.) The User Admin may not be able to change users’ permissions on what they can view and edit, but they can designate other User Admins. They may also create, modify, and delete groups.
Create, Edit, and/or Delete entities: An entity may be a part, a design, a library, or a grammar (although grammar will be covered in the section on the Grammar Editor). These permissions may be granted to specific entities either through direct assignment or through membership to a group. By default, the creator may edit or delete his/her own entities, and grant access to his own entities.
Administer entities: A user may be granted permission to grant permissions to an entity to either a group or user; they can also revoke permissions on said entity to a specific user. By default, creators can administer their own entities. When a creator wishes to grant access to an entity to another user, the application will send an invitation to that user, and they can decide whether to join or not.
Administer group: An administrator creating a group will search for users by username and invite them to join a named group. Once a group has been established, the Administrator can add and remove members, and non-administrators can grant permissions to the group as a whole instead of establishing ad hoc groups for every entity.
Super administrator: The Super Administrator role will have permissions to undo previous assignments. This is necessary in case an administrator leaves an entity with no users, or an administrator leaves GenoCAD and his/her responsibilities need to be assigned to another user.
The following will need to be considered when planning for this enhancement begins:
• New screens will be developed for the User Management Module.
• Old screens that are affected by the user management module changes will need to be modified to use the data access layer and to accommodate the new permissions structure.