• Created by Unknown User (kylej1@u.washington.edu), last modified by Unknown User (jwerle) on Jul 18, 2007

Privacy Settings and Access Control

This is a preliminary list of which features in the site can be restricted, and to whom each can be restricted. The phrase 'All Colleagues' refers to all friends, all members in all groups, plus all members in a region. For each of the types of modules listed, I have given the types of content that is controllable as well as the possible roles each can be set to.

 Account/Profile information

  • All contact information, which includes email, phone #s, IM accounts, address, VC IP, Virtual OH
  • Resources
  • Possibly the profile photo

      Access roles

  • Friends can always see all account/profile info
  • Additional roles: Logged in users, Regional members

Projects

  • Identity/contact info for project leaders (As a whole, NOT each individual piece of contact info, that's ridiculous. Also note this would be overruled by any account/profile privacy settings of the project leaders.)
  • News/Events (All or none, but can be overruled on a per-item basis at time of news/event submission)
  • Project message board (All or none)
  • Identity/contact for project participants (See note to leaders)
  • Identity/contact for project subscribers (Ditto)
  • Project resources
  • Could also control the entire project itself (Note, I'm on the record as opposing this choice, as it means we have to alter search results based on privacy, not just alter the project display page. )
  • Project participation (not content, but literally who can join as a participant)
  • Project subscriptions (ditto, who can subscribe)

      Access roles

  • Projects leaders/participants can see everything
  • Additional roles: Everyone, Logged in users, Project subscribers, Some set of groups (defined at creation by project leader)
  • I believe the above are enough, but we could get fancy with choices like Leaders' friends, All Leaders' Colleagues, All Participants' friends, etc. (there's almost an unlimited number of things we could do)
  • For the participant/subscriber control, options would be: Anyone, Invite only, or arbitrary criteria matching (that is, restricted based on any/all of the profile fields we collect, this option is probably not doable by Sep.)

News/Events

  • Visibility of event
  • That's all I got...

      Access roles

  • This sort of depends on where the news/event is being added.
  • Within a project, the roles would be the same options above, All, logged in, subscribers, participants.
  • For Group news/events: Everyone, logged in users, group members only
  • For sitewide news/events: Either everyone or only logged in
    One final note, taking out the 'everyone' options and restricting all content to only members of the site is an option too. Kind of frustrating for people trying to get a feel for the site perhaps, but it is an option.
  • No labels