https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40546 Bug ID: 40546 Summary: Add access control layer using RBAC (Role-Based Access Control) + ABAC (Attribute-Based Access Control) Change sponsored?: --- Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: dcook@prosentient.com.au QA Contact: testopia@bugs.koha-community.org The idea here is that you have roles "LibraryAdmin", "CircDesk", "Cataloguing", etc. We would probably attach the roles to patron categories (ie groups) and patrons. Separately we'd have an attribute-based policy. Typically, you have a "subject" (ie Logged in user), "action" (RunReport), and "object" (Report 42). Sometimes you'll also have a "condition"/"context" (LoggedInBranch CPL). This attribute-based policy could then be assigned to a role or a patron. I expect broad policies would be applied at the role level, and then more specific policies would be applied at the patron level. We might find that we rarely or never use them at the patron-level, but probably good to allow for that level of specificity. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.