OW2 users and entities management specifications


User Registration and project Membership Workflow

Important steps and transitions in the life of the OW2 users.

joining a project

Once registered to OW2, the user can:

  • have no project membership
  • request to join a project, so the project manager(s) is(are) notified.
  • can be directly added as a project member on the initiative of any existing project manager. (in which case, the user is notified so)

Users management at global level

global application roles

We may want to assign a number of users to a given global permission in a specific application, not depending on project membership.
For example we might want to assign any registered member the role jira-users so they can browse any/some Jira projects and fill an issue request.

To illustrate by an example what we don't want to happen within an application app1 :

PermissionRoles
Browse Projectsprojet1-app1-users,projet2-app1-users,projet3-app1-users,...,projetX-app1-users

Here is what we want instead :

PermissionRoles
Browse Projectsapp1-users

Users management at project level

We want the ability to map project roles to any application permission.
Let's remind that most of the applications we use are themselves internally organized in projects (it can be any other entities at project level).
So the goal here is the ability to map OW2 project roles to applications project's permission.

roles and/vs membership

definitions

In any project we have:

  • the project membership : the list of contributors in the project, across all roles they can take.
  • the project's roles : Project Contributor, Project Manager
  • the project's applicative roles : project specific roles we could think useful where global roles are not appropriate.

Example for Project1 and Project2 instantiated in App1 and App2:

ProjectX in appYPermissionRoles
Project1 in App1See Source Codeproject1-app1-users
Project2 in App1See Source Codeproject2-app1-users
Project1 in App2Update Xproject1-app2-users
Project2 in App2Change Yproject2-app2-users

guidelines and rules

global level

At global level, we can identify roles like Manager or Administrator (including but not limited to.)
Those kinds of users are basically 'power' users being able to:

  • alter projects data
  • add/remove a project (we might want to disable instead of remove a project)
  • manage project's membership.
  • add/remove an user (might be disabling.)
  • Not to remove an user who is the only one in project's Project Manager role ! (we don't want to leave a project without a Project Manager).
  • manage any global roles
  • manage any project's roles membership, however:
    • should not be able to add an user to a project's role who is not member of the project. (he should appear as a member of the project first)
    • Not to remove an user from the project's Project Manager role if there is only one Project Manager remaining. (we don't want to leave a project without a Project Manager).

project level

The Project Manager is someone who should be able to "see" all the community users and to assign any of them to the project(s) he own, anytime.
The Project Manager should be able to:

  • Assign/remove any user to/from its project(s)
  • Only see the projects and project's roles he manages.
  • Assign any of the project's members to its project's roles or applicative roles, however:
    • he should not be able to add an user to a project's role who is not yet member of the project. (he should appear as a member of the project first)
    • he should not be able to remove himself from the Project Manager role if he's the only one Project Manager remaining. (we don't want to leave a project without a Project Manager).