Skip to content

Fine Grained Access Control

Ahmed Bahajjaj edited this page Mar 22, 2021 · 3 revisions
  • Priority: Medium
  • Knowledge required: Full-stack development/testing, Security Policy
  • Status: Open

A prevailing security policy principle is the principle of least privilege. Course owners should be able to approach permissions assignment for their instructors following this principle. This includes but is not limited to hiding certain sensitive student details or allowing for the viewing of responses but not comments.

Points to consider:

  • How features are currently utilised and accessed might require a rethinking of current permission sets
  • Data migration might be required for changes that are incompatible with current data schema

An extension from https://github.com/TEAMMATES/teammates/issues/10915

Clone this wiki locally