Comments (12)
Yes, audit is a permission role.
I didn't quite follow your comment about adding audit functionality. I added the possibility to
change the nomos scanner report result, but 'Audit/Edit concluded license' are as they
exist in 2.6.x versions.
I just tried to make access to that functionality more user friendly.
This picture illustrates 'View License' when the concluded license is not set.
Buttons are visible, which indicates that this file has not been reviewed. The concluded license
can be set either by selecting the 'Edit concluded license' button or by selecting 'Audit' from the micromenu.
When the concluded license is set, the buttons are not visible any more in the 'View License'
view, as shown in the picture below. However, the concluded license can still be changed
by selecting 'Audit' from the micromenu.
By the way, the 'One-shot copyright/emailURL' option in the micromenu is not logical. I think it
should be removed, and if needed it can be selected from the 'Upload' menu.
Br,
Raino
from fossology.
For item 1:
Admin should have the audit permission; still have to add this specific permission (user)?
For item 3:
Set concluded license on files: I do not understand this very well.
Does "files" here mean files with the same licenses, one directory, any selected files on an upload, or others?
For item 4:
Still show concluded licenses even if it has audit licenses?
For item 5:
Have to define Change license for license scanner/Concluded license/Audit license more clearly; it will possibly confuse users if not.
from fossology.
Item 1:
Currently, if a user has the upload right, he automatically also has the right to edit the (concluded) license.
From a governance point of view it is OK that designers may have the right to upload and scan packages, but
license review is done by other people (license reviewers). I think the Admin right should be reserved
for tool administrators. Therefore I propose a new permission level.
Item 3:
Hopefully the attached picture clarifies this. In many cases it is clear what the concluded license
on file level is, for example when only one license is detected by a scanner. In these
cases the concluded license could be selected directly from the 'List Files for License' view.
Item 4:
Selecting 'Edit concluded license' and 'Audit' open the same view. Maybe the names should be identical?
Item 5:
I agree. The naming could be different. Also adding this new permission level helps this
because then the ordinary user does not see these options (buttons) at all, only the reviewers who
should know the tool features better.
from fossology.
rlintu, thanks for your explanation.
I talked with Bob on Tuesday about this issue.
From Bob's perspective, audit is just a permission role; this role has the permission to change the license scanner report and edit the concluded license, so we do not have to add audit functionality.
Ideas?
from fossology.
From my previous point:
No audit features, just have audit roles (this role is able to do all the license review jobs); the Audit micro-menu is not necessary because it is the same as 'Edit concluded license'.
However, after reading your comment above, your idea makes more sense to me; I need to talk with others. From Bob's perspective, we need more discussions with the whole team; it seems that the guys from Siemens also have ideas on Audit.
-Larry
from fossology.
A lot has changed then. I am inclined towards closing the ticket, because while there is not a special audit role, the edit and review support in the UI has much improved. Pushing back therefore, and candidate for closing. Please speak up if parts of it should still be in or be scheduled differently.
from fossology.
Lot of changes indeed. It is quite difficult to follow what is happening. About the original idea to separate rights to upload and schedule agents and right to set concluded license. How is that done now? Using group rights?
from fossology.
Now, it is like there is a read-access role and there is a read-write-access role (in addition to the admin role). Accordingly, there is distinction between tasks. I think what is needed here is to have a comprehensive view, if we want to have something like more process-oriented roles (Uploader / Customer, Clearing Expert, ...), which sounds good in general.
More feedback?
from fossology.
For 3.0 the current permission setup is manageable; I mean, give read-write permissions only to a few people and make clear instructions on what to do and what you cannot do even if you have rights to do it.
For later releases I support your comment on process-oriented roles. However, for 3.0 I would like to see this bug corrected: #524
from fossology.
Well, the global permissions like read-write do only affect the upload itself (e.g., the description), but not the decisions.
There are three permission levels within a group: User, Advisor and Admin. A [group] User can conclude license, but not change the assignee for an upload. An Advisor can also change the assignee or reject the clearing. A [group] Admin can additionally manage the permissions within the group.
A fourth group role, e.g. Observer, for those who cannot change the concluded license, might be good.
from fossology.
Observer roles make sense. I am not seeing this as super urgent (hence the 3.2.0 milestone) because in most cases, people should have an understanding of OSS licensing before using fossology. Please object if you do not agree.
from fossology.
Actually, catching up with this issue is difficult, so the only open point was opened here: #1091
from fossology.