Team App and Role Structure

Version 1.1 by villemai on 2019/05/02 17:21

Team app and role structure

Proposal

There are global teams which are shared across users and applications. They can be composed. Roles have admins which can manage the role. They are restricted to the team application. Teams are implemented as roles in a collab client in KeyCloak (KC).

Applications have local roles which represent the use case of the application and are not shared.

Known applications with their roles are: - wiki (editor, viewer, admin) - drive (editor, viewer) - team (admin)

KC Client structure There are global roles and client roles.

  • There is a shared client called collab in KC.
  • There is a team app with role-admin on the collab KC client and a team client.
  • There is a wiki app (xwiki) with it’s corresponding client.
  • There is a drive app (seafile) with it’s corresponding client.

Each app defines the roles it creates. Roles can be assigned to teams, groups or users.

Wiki teams

The wiki roles are managed in the same way as presently, except that teams can be added to the wiki roles. Wiki roles are not reuseable.

Use cases

Creating a PCO team

A administrator from the PCO creates a PCO team in the team app and adds everyone from the PCO. She also adds certain other key members as admins for the team.

PC Apero Forum collab

The event organiser (EO) creates a PCO Apero Forum collab. The EO adds the PCO team previously defined as editors of the collab. The EO explicitly adds a few collaborators as admins.

Sharing a library (drive) with the PCO

A PCO member (PM) creates a library in the drive. The PCO member shares the library with the PCO team created above as editors.

Organising a workshop.

An event organiser (EO) creates an Event-X collab. The EO creates a team in the Team app called Event-X. The EO creates a Event-X-organisers team in the team app. The EO adds co-organisers to the Event-X-organisers. The EO assigns the editor role to the Event-X-organisers to the Event-X collab. The EO assigns the viewer role to the Event-X members. The EO adds members to the Event-X team in the Team app when they sign up for the workshop.

MOOC

A MOOC coordinator (MC) creates the MOOC-A, MOOC-A-teachers, MOOC-A-admins, MOOC-A-corrector teams in the team app. The MC assigns the admin role to a MOOC-A collab to the MOOC-A-admins. The MC adds the MOOC-A-teachers to the editor role for the collab. A third party homework application has a corrector and submittor roles assigned respectively to the MOOC-A-corrector and MOOC-A teams.

Implementation

The team app can be implemented as a lightweight service.

The following motivations explain why we should create it as a lightweight service: - it needs to be robust - it needs a clear security model

The team app’s backend is KC.

Limitations

Namespace pollution: Users can create any team. There can be official looking teams which are confusing. There can be lots of teams. To avoid users relying on teams wrongly, the team admins should be visible when selecting the team.