...
Discussion and Questions (*)
The following section contains discussion related to Roles and questions that arise related to their respective powers:
- The roles discussed above are not mutually exclusive. There might be cases where a single individual is assigned both roles. Limiting the access of a Collaborative Admin to only the user management aspects of the Admin App allows for a distinction between roles and avoids giving unwarranted access to all the ODS instance data using the Admin App. This distinction between the roles can, however, be ignored if the organization desires to assign both roles to the same user.
- This raises the question of how far the Admin App should go to prevent an admin from granting themselves elevated access: Can Collaborative Admins assign themselves an LEA role and associate with a district?
- Can Collaborative Admins create other Collaborative Admins?
If yes, this can also serve as a check on the power of the original Collaborative Admin during elevation of privileges. Limiting such elevation may not be Admin App's responsibility, since the collaborative surely has its own policies in place governing access by admin personnel. However, Admin App could provide a simple check on admins: a possible requirement to consider is to prevent Collaborative Admins from changing their own roles and ODS instance connection assignments. An admin would then only be able to add a new Collaborative Admin with a distinct email address, who can in turn give the original Collaborative Admin the appropriate roles and ODS instances; this helps in curbing the administrative power of a Collaborative Admin. These restrictions could be circumvented via email aliases or simply by having malicious actors collaborate, but we can rely on the Collaborative organization to ultimately handle any malicious Collaborators. On the other hand, if there is a need to have the Collaborative Admin as an all-encompassing super user, we can ignore such restrictions.
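One way to enforce the self-change restriction and the distinct-email requirement discussed above, as an added Python example that is not Admin App code. The `UserStore` class, `canonical_email`, the role labels and the treatment of `+tag` addresses are all assumptions made for illustration; the audit query goes slightly beyond the text by listing the two-person flow for review.

```python
from dataclasses import dataclass, field

ADMIN = "CollaborativeAdmin"  # role label constructed for this example


def canonical_email(address: str) -> str:
    """Fold case and drop a '+tag' so simple aliases compare equal.
    Assumption: the mail system delivers 'user+tag@host' to 'user@host'."""
    local, _, domain = address.strip().lower().rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return f"{local.split('+', 1)[0]}@{domain}"


@dataclass
class UserStore:
    users: dict = field(default_factory=dict)  # canonical email -> roles/instances
    audit: list = field(default_factory=list)  # (action, actor, target) tuples

    def _admin(self, actor: str) -> str:
        key = canonical_email(actor)
        if ADMIN not in self.users.get(key, {}).get("roles", ()):
            raise PermissionError("actor is not a Collaborative Admin")
        return key

    def add_admin(self, actor: str, new_email: str) -> None:
        actor_key, new_key = self._admin(actor), canonical_email(new_email)
        if new_key in self.users:  # also catches aliases of the actor
            raise PermissionError("email is not distinct from an existing user")
        self.users[new_key] = {"roles": {ADMIN}, "instances": set()}
        self.audit.append(("add_admin", actor_key, new_key))

    def assign(self, actor: str, target: str, roles=(), instances=()) -> None:
        actor_key, target_key = self._admin(actor), canonical_email(target)
        if actor_key == target_key:
            raise PermissionError("admins cannot change their own assignments")
        user = self.users[target_key]  # KeyError if the target does not exist
        user["roles"].update(roles)
        user["instances"].update(instances)
        self.audit.append(("assign", actor_key, target_key))

    def reciprocal_grants(self) -> set:
        """Pairs (a, b) where a added b and b then assigned to a: the allowed
        two-person flow, listed so the organization can review it."""
        added = {(a, t) for act, a, t in self.audit if act == "add_admin"}
        return {(a, b) for a, b in added if ("assign", b, a) in self.audit}
```

Canonicalization only narrows the alias gap for mail systems that behave as assumed; the reciprocal-grant listing gives the organization a record to review for the cases the check cannot stop.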
Expected user feature changes due to the proposed user management for Multi-instance mode
...