-
Notifications
You must be signed in to change notification settings - Fork 10
Roles and permissions
We use Django's built-in permissions system, which has a concept of user groups. Django allows assigning permissions to user groups.
Each EUA Job Code is associated with a Django user group (with a login, see details about the job codes).
A CMS person cannot log into eRegs unless they have an EUA job code. When they log in, our system automatically assigns status attributes and a group based on their job codes.
Status: Active
Because this user group does not get "Staff" status, they cannot log into the admin panel.
This user group currently has no assigned permissions. Any permissions that are assigned through these methods apply only to the Django admin system, not to the front end of the website, which is the only part of the website that EREGS_READER users access.
Status: Active, Staff
This user group has "Staff" status, which allows them to log into the admin panel.
This user group has manually assigned permissions to create, read, update, and delete resources. Resource objects inherit the properties of resources.
- Can add Federal Register Link
- Can change Federal Register Link
- Can delete Federal Register Link
- Can view Federal Register Link
- Can add Internal Category
- Can change Internal Category
- Can delete Internal Category
- Can view Internal Category
- Can add Internal file
- Can change Internal file
- Can delete Internal file
- Can view Internal file
- Can add Internal link
- Can change Internal link
- Can delete Internal link
- Can view Internal link
- Can add Internal Subcategory
- Can change Internal Subcategory
- Can delete Internal Subcategory
- Can view Internal Subcategory
- Can add Public Category
- Can change Public Category
- Can delete Public Category
- Can view Public Category
- Can add Public link
- Can change Public link
- Can delete Public link
- Can view Public link
- Can add Public Subcategory
- Can change Public Subcategory
- Can delete Public Subcategory
- Can view Public Subcategory
- Can add Subject
- Can change Subject
- Can delete Subject
- Can view Subject
Status: Active, Staff
This user group is manually assigned all of the previous permissions from EREGS_EDITOR. Additionally, managers receive the following additional capabilities.
It's possible that these capabilities will at some point be useful for EREGS_EDITOR users, but for now they are specific to EREGS_MANAGER and EREGS_ADMIN users.
- Can add Resource Group
- Can change Resource Group
- Can delete Resource Group
- Can view Resource Group
- Can add synonym
- Can change can change synonym
- Can delete synonym
- Can view synonym
Status: Active, Staff, and Superuser
This user group has no assigned permissions. Each user within the group is assigned the Superuser status field as a checkbox on their profile, giving them all capabilities on the site.
Please note that all pages on this GitHub wiki are draft working documents, not complete or polished.
Our software team puts non-sensitive technical documentation on this wiki to help us maintain a shared understanding of our work, including what we've done and why. As an open source project, this documentation is public in case anything in here is helpful to other teams, including anyone who may be interested in reusing our code for other projects.
For context, see the HHS Open Source Software plan (2016) and CMS Technical Reference Architecture section about Open Source Software, including Business Rule BR-OSS-13: "CMS-Released OSS Code Must Include Documentation Accessible to the Open Source Community".
For CMS staff and contractors: internal documentation on Enterprise Confluence (requires login).
- Federal policy structured data options
- Regulations
- Resources
- Statute
- Citation formats
- Export data
- 2021
- Reg content sources
- Default content view
- System last updated behavior
- Paragraph indenting
- Content authoring workflow
- Browser support
- Focus in left nav submenu
- Multiple content views
- Content review workflow
- Wayfinding while reading content
- Display of rules and NPRMs in sidebar
- Empty states for supplemental content
- 2022
- 2023
- 2024
- Medicaid and CHIP regulations user experience
- Initial pilot research outline
- Comparative analysis
- Statute research
- Usability study SOP
- 2021
- 2022
- 2023-2024: 🔒 Dovetail (requires login)
- 🔒 Overview (requires login)
- Authentication and authorization
- Frontend caching
- Validation checklist
- Search
- Security tools
- Tests and linting
- Archive