Email to Jakub:
I think permissions have now become a complex enough issue that we need to anoint one person – not me – to be the Permissions Tsar, understanding the system top to bottom. That person will understand what Cate and the SIGs are trying to achieve, what facilities are provided by the back-end, what our permission-naming conventions are, how we aggregate low-level permissions, what kinds of permission-sets are defined by back-end modules and what kinds in UI modules, etc. There is too much of this, and it threads through too much of the whole system, for all of us to try to understand it for our own application areas.
WRT to Permissions Tsar, I don't think it is a scalable approach in the 2 teams of 20 developers and 3 external partners with their own teams. Permissions are an essential aspect of the FOLIO Platform, they permeate both the backend and the frontend and you can hardly implement any functionality without understanding how to use the model.
Instead, let's discuss what can/should be done to make information about the model more accessible. More conceptual information in one place? Examples? I suspect the existing documentation is mixing the implementation details (critical to the core team members working on Okapi and mod-authtoken/login/etc) with explanation on how to consume and define permissions, and this can be remedied.
We'll talk this through in more detail and figure out how to get a better grip on the many interlocking problems of permissions.