Allow assigning "See Audit Log Events" role in folders & projects#7460
Allow assigning "See Audit Log Events" role in folders & projects#7460labkey-adam wants to merge 4 commits intodevelopfrom
Conversation
| super("See Audit Log Events", "Allows non-administrators to view audit log events", | ||
| super("See Audit Log Events", "Allows non-administrators to view audit log events in the " + | ||
| "root, every project, and every folder on this site. This level of visibility is not generally recommended. " + | ||
| "For more granular control, assign this role at the project or folder level instead.", |
There was a problem hiding this comment.
This wording kinda implies that there is a project-wide role assignment option?
There was a problem hiding this comment.
Warning that logs can contain PHI?
There was a problem hiding this comment.
Warning that logs can contain PHI?
Maybe only if compliance is present? Though I guess PHI is PHI, regardless of what modules you have installed.
There was a problem hiding this comment.
Warning that logs can contain PHI?
Maybe only if compliance is present? Though I guess PHI is PHI, regardless of what modules you have installed.
I may go with something a little more generic, like "sensitive or protected information."
There was a problem hiding this comment.
This wording kinda implies that there is a project-wide role assignment option?
My thinking is that site/app administrators know enough about role assignments to understand what "assigning at the project level" means. But I could also just say folder and leave it at that.
3 participants
Rationale
We want this role available on a more granular basis. See https://github.com/LabKey/internal-issues/issues/853
Technically, I'm adding a second role with the same name. This allows me to provide a different description at the root (discouraging use of the role there). It's also necessary because the server gets crabby if you try to mix site roles and folder roles in the same role impersonation session.