- Provide granular access level control on federated catalogs/models, so that the models federated from company1 are not completely open to all employees in company2.
- Above requirement also aligns with requirement tracked here at item#15 - https://wiki.acumos.org/display/MOB/Demeter+proposal
Proposed solution/implementation details (please create below dev tasks and assign to appropriate resources):
- New Portal screen to allow admin to manage (create, edit, delete) user access roles
- Revise Portal catalog management screen to allow admin to view, add, delete access roles for a catalog.
- Revise Portal user management screen to allow admin to view, add, delete access roles for a user
- CDS provide new endpoints to view, add, delete access roles for a catalog
- CDS Query support to 1) retrieve catalogs based on user's role and 2) retrieve models based on accessible catalogs and user's role.
- Portal update the "Select Favorite Catalogs" screen by using above CDS role based catalogs query to show the accessible catalogs to logged-in user.
- Portal update the "Marketplace" screen to filter the list of models by using the above CDS role based models query to retrieve models based on accessible catalogs and user's role.
- Federation create newly federated catalogs as restricted with no roles assigned
- Company2 subscribes to Company 1's "Comp1 catalog" and federation copies over catalog. After the copy, only admin users can see the catalog.
- Company2's admin creates role "Comp1 restricted role" in Company2 Portal.
- Company2's admin assigns role "comp1 restricted role" to catalog "Comp1 catalog".
- Company2's admin assigns User1 to role "comp1 restricted role".
- User1 is the only non-admin user who can view the "Comp1 catalog" from Portal's market place.
18 Nov 2019 - Everyone agreed at 3pm meeting to go-ahead with above requirement and also with the solution focused in single system (rather than using multiple Acumos instances).