Granular permissions for Alma API functions
(The idea title is copied from a NERS suggestion (5311) that didn't make it to the second round.)
When working with third parties it is problematic that granting access to the Alma API for the necessary functionality will often also open up for access to other information that we might not want to share with the same third party.
An example is that allowing a vendor to create PO Lines via the API will also give the vendor access to the complete financial data of our institution, potentially giving them insights that could be used against us when negotiating prices.
A different example is the one from the NERS suggestion:
For example, we would like developers to be able to GET Resource Sharing requests without being able to GET all User records
In the light of the upcoming new EU data protection directive that will apply from 2018-05-25, the lack of granular permissions can prevent us from allowing third parties access to any API section that contains any personal data (including not only user records but also operator ids or vendor contacts):
Daniel Sandbecker
shared this idea
Hello All,
This idea has been closed as part of a cleanup process for ideas older than two years with fewer than 20 votes.
This cleanup process is necessary to streamline our idea management process and ensure that the most relevant and impactful ideas receive the attention they deserve. If you still feel strongly about this idea, you may submit it via the NERS process.
We value your feedback and encourage you to continue submitting and voting for ideas that you believe will enhance Alma.
Alma Product Team