WIP

OVERVIEW

...

• the goal is to add three new roles: User Manager, Console Viewer and Junior Admin (see https://www.notion.so/New-System-Roles-Special-Admins-be514029606545e3be3aa3e8c8ba507e
  for current requirements). These new roles will be defined at System scope. They will have access to the System Console - like the System Admin

• these new roles will have specific rights on the following resources:

  • System Console sections and subsections.

  • config.json settings (through the API config.go get and set endpoints).

  • various API methods that support functionalities exposed in the System Console (e.g. display analytics, link, sync groups) - separate from config settings.

...

Most API calls that were previously gated by the MANAGE_SYSTEM permission are now gated by the READ_* permissions for the get() calls and WRITE_* permission for the create, patch and update calls.
If we need to have more granular access to an API method that corresponds to the functionality of a sub-section in the System Console (like in the User Manager case), we will gate those calls on a case by case (a single panel functionality in the System Console panel can map to one or more API calls).

Permissions

See changes detailed above

Schema

No schema changes

REST API

The following API methods will have their gating functionality changes, as follows:

Performance

No performance degradation expected.

Plugins

CREDITS

Thanks to