UI improvement to concluded license handling about fossology HOT 12 CLOSED

Yes, audit is a permission role.
I didn't quite follow your comment about adding audit functionality. I added possibility to
change nomos scanner report result but 'Audit/Edit concluded license' are as they
exist in 2.6.x versions.
I just tried to make access to that functionality more user friendly.
This picture illustrate 'View License' when concluded license is not set.

Buttons are visible which indicates that this file has not been reviewed. Concluded license
can be set either selecting 'Edit concluded license' button or selecting 'Audit' from micromenu.
When the concluded license is set then buttons are not any more visible in 'View License'
view as shown in the picture below. However, the concluded license can be changed still
by selecting 'Audit' from micromenu.

By the way 'One-shot copyright/emailURL' option in micromenu is not logical. I think it
should be removed and if needed it can be selected from 'Upload' menu.

Br,
Raino

from fossology.

for item 1:
admin should have the audit permission, still have to add this specific permission(user)?
for item 3:
set concluded license on files, not understand very well.
files here means files with same licenses or one directory or any selected files on an upload, others?
for item 4:
still show concluded licenses even has audit licenses?
for item 5:
have to define Change license for license scanner/Concluded license/Audit license more clearly, possible will confuse users if not.

from fossology.

Item 1:
Currently if a user who has upload right he automatically has also right to edit (concluded) license.
From governance point of view it is ok that designers may have right to upload and scan packages but
license review is done by other people (license reviewers). I think Admin right should be reserved
for tool administrators. Therefore I propose a new permission level.

Item 3:
Hopefully attached picture clarifies this. In many case it is clear what the concluded license
on file level is, for example in case when only one license is detected by a scanner. In these
cases the concluded license could be selected directly from the 'List Files for License' view.

Item 4:
Selecting 'Edit concluded license' and 'Audit' open the same view. Maybe the names should be identical?

Item 5:
I agree. The naming could be different. Also adding this new permission level helps this
because then the ordinary user does not see these options (buttons) at all, only the reviewers who
should know the tool features better.

from fossology.

rlintu, thanks for your explanation.

I talked with bob on Tuesday on this issue.
from bob's perspective, audit is just a permission role, this role has the permission to change the license scanner report and edit conclude license, do not have to add audit functionality.

ideas?

from fossology.

from my previous point:
no audit features, just have audit roles (this role is able to do all the license review jobs), Audit micro-menu is not necessary because it is same as 'Edit concluded license'.

however, after I reading your comment above, your idea is more make sense to me, need talk with others. from bob's perspective, we need more more discussions from the whole team, it seems that the guys from siemens also have ideas on Audit.

-Larry

from fossology.

a lot has changed then, I am inclined towards closing the ticket, because while there is not a spcieal audit role, the edit and review support in the UI has much improved. Pushing back therefore and candidate for closing. Please speak up if parts of it should be still in or differently scheduled.

from fossology.

Lot of changes indeed. It is quite difficult to follow what is happening. About the original idea to separate rights to upload and schedule agents and right to set concluded license. How is that done now? Using group rights?

from fossology.

Now, it is like there is a read-access role and there is a read-write-access role (in addition to the admin role). Accordingly, there is is distinction between tasks. I think what is needed here is to have a comprehensive view, if we want to have something like more process oriented roles (Uploader / Customer, Clearing Expert, ...) which sounds good in general.

More feedback?

from fossology.

For 3.0 current permission setup is manageable, I mean give read-write permissions only few people and make clear instructions what to do and what you cannot do even you have rights to do.

For later releases I support your comment on process oriented roles. However, for 3.0 I would like to see this bug corrected
#524

from fossology.

Well, the global permissions like read-write do only affect the upload itself (e.g., the description), but not the decisions.
There are three permission levels within a group: User, Advisor and Admin. A [group] User can conclude license, but not change the assignee for an upload. An Advisor can also change the assignee or reject the clearing. A [group] Admin can additionally manage the permissions within the group.
A fourth group role, e.g. Observer, for those how cannot change the concluded license, might be good.

from fossology.

observer roles makes sense. I am not seeing this super urgent (hence 3.2.0 milestone) because in most cases, people should have an understanding about OSS licensing before using fossology. Please object if you do not agree.

from fossology.

actually catching up with this issue is difficult, so the only open point was opened here:
#1091

from fossology.