Details
-
Sub-task
-
Resolution: Unresolved
-
Major
-
None
-
None
Description
There should be a more configurable permissions setting that controls CO Person visibility, probably via CO Settings. eg:
- CO Admin: Only CO Admins can see CO Person records
- COU Admin: COU Admins can see CO Person records, plus CO Person Role records they manage
- Any Admin: Any CO or COU Admin can see any CO Person and CO Person Role record
- CO Group: Any Admin + members of the Group (intended for helpdesk, maybe create a special helpdesk group instead?)
It might make sense to introduce a new "Permission" object to abstract this out here and in other places (like Enrollment Flow Authz). Though Permissions would still be managed in the relevant UI (eg: CO Settings), the model abstraction would handle rendering a View Element and processing the Permission at run time.