Implement access control for Manage Users

[exalate-issue-sync]

Business Reason

Different roles will have different permissions for user management and access, thus we need to implement access control functionality into this feature. Managers will be able to view the users, and Committee Administrators will also be able to grant, revoke, and modify access.

Acceptance Criteria

Given a user within a committee account

If the user has the role of “Manager”

Then they will be able to view all users on the committee account and associated fields, including names, emails, roles, and status.

And if the user has the role of “Committee Administrator”

Then they will be able to

• View users
• Grant new user access
• Revoke user access
• Modify user access

QA Notes

Managers will not have the action kebab on the right side (? check with design).

DEV Notes

• Manager role defined in [FECFile Online Roles and Permissions|https://docs.google.com/spreadsheets/d/1fU56xd1faKfhsQeZc7bVP3e4AxvoDPHZPHw2NH0Pv7I/edit?gid=177838223#gid=177838223]
• This ticket includes adding access controls to this functionality

Design

Context: These wireframes were needed to create a way for roles to change between individuals in committees. Currently we only have two roles with the exceptions to expand in the future.- Shannon

!Screenshot 2025-01-15 at 1.15.43 PM.png|width=721,height=335,alt="Screenshot 2025-01-15 at 1.15.43 PM.png"!

This wireframe above is the manager’s view….

These wireframes below are from a Committee Administrator's view

!Screenshot 2025-01-14 at 3.32.36 PM.png|width=817,height=311,alt="Screenshot 2025-01-14 at 3.32.36 PM.png"!

!Screenshot 2025-01-15 at 1.02.34 PM.png|width=545,height=529,alt="Screenshot 2025-01-15 at 1.02.34 PM.png"!

!Screenshot 2025-01-15 at 1.18.12 PM.png|width=673,height=341,alt="Screenshot 2025-01-15 at 1.18.12 PM.png"!

Per notes from 12/10 in [https://fecgov.atlassian.net/browse/FECFILE-1840|https://fecgov.atlassian.net/browse/FECFILE-1840|smart-link]

h3. Aurelia Khorsand December 5, 2024 at 4:12 PM

Edited

BA question for FEC meeting 12/10/24:

Should we ensure that there is always at least one committee admin? Two? Should we prevent committee admins from removing roles from themselves or changing their own role?

Edited to add: although we will not enforce this, it will be HIGHLY recommended that users have an additional committee administrator.

Because of the note above in this final wireframe there are two committee admins In this view.

see ticket [https://fecgov.atlassian.net/browse/FECFILE-1840|https://fecgov.atlassian.net/browse/FECFILE-1840|smart-link] to see all three users ( 2 committee administrators) 1 manager.

See full ticket and images here: FECFILE-1846

[exalate-issue-sync]

akhorsand commented: BA question for FEC meeting 12/10/24: What, if anything, can the "Manager" role see in Manage users? Can they see who is in the committee account, emails, roles?

Edited to add answer: FEC decision from 12/10 meeting was “They can see roles, but cannot edit them. So all above except for the "actions".”

[exalate-issue-sync]

Shannon Clark commented: [~accountid:5b93ddba73130a2b8c662e23] [~accountid:61b0b42cc510bc006b5c03ed] These are ready for Design Review.