Skip to content

Poc dynamic role creation #1282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bolmsten wants to merge 10 commits into
base: develop
Choose a base branch
from
Open

Poc dynamic role creation #1282

bolmsten wants to merge 10 commits into from

Conversation

@bolmsten
Copy link
Contributor

@bolmsten bolmsten commented Dec 3, 2025
edited
Loading

image

Description

This pull request introduces dynamic role creation and assignment for users.

Motivation and Context

This change is necessary to provide flexibility in role management and permissions handling. It aims at solving the problem of hard-coded roles and permissions, making the system more flexible to accommodate different user access levels and permissions.

Changes

  1. A new SQL script is introduced to create dynamic user roles in the database, which includes permissions and data access fields.
  2. Modifications in the backend to handle these new dynamic roles and assign them to users.
  3. Changes in ProposalAuthorization and UserAuthorization to check data access and permissions for the dynamically created roles.

My proposal is to continue using pre-defined roles and dashboards, but allow for the creation of dynamic roles that has two attributes: “data access” and “permissions/config”. I added a new role/dashboard, dynamic_proposal_reader, and created two dynamic roles—ISIS_READ and CLF_READ—both using the dynamic_proposal_reader role/dashboard. The only difference between these roles is the set of instruments associated with each. That would allow users to login and see a proposal table with only the proposals that has the instruments associated with their dynamic role.

We would need to define a set list of dashboards to be used, we can do minor configurations for each dashboard using a config defined on the dynamic role and we can set the data access either by using tags or instruments. I have not shared this approach with the STFC/ELI team yet, but it would be great to know if this approach is at all viable.

It would also allow for different facilities to rename roles like FAP Reviewer to PEP Reviewer.

image image

@bolmsten bolmsten requested a review from a team as a code owner December 3, 2025 13:38
@bolmsten bolmsten requested review from TCMeldrum and removed request for a team December 3, 2025 13:38
@bolmsten bolmsten requested a review from janosbabik December 4, 2025 08:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TCMeldrum TCMeldrum Awaiting requested review from TCMeldrum TCMeldrum is a code owner automatically assigned from UserOfficeProject/stfc-user-programme

@janosbabik janosbabik Awaiting requested review from janosbabik

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bolmsten