Discuss our requirements for permissions

[fyliu]

Dependency

• Epic: Audit differences between code and documented field names #432

Overview

We need to discuss our needs for permissions and turn them into requirements.

Action Items

• [team discussion] what do we need?
• Make notes in discussion topic Permissions requirements #159
• record the scenarios and convert them into requirements

Resources/Instructions

Keep in mind that this will be converted into acceptance criteria (requirements), so try to define all cases so that the software won't be missing anything crucial.

Examples (already copied into #159)

Cases involving roles and data models:

• a project lead needs to be able to update the project they are leading (row in the project table for their project), but not be able to update the other projects (rows belonging to other projects).
• a contributor needs to be able to edit their own user profile, but not the user.status field, since that data belongs to the organization, and not the other user profiles.

Cases involving roles only:

• an admin needs to be able to act on all tables.