Skip to content

Spike - RBAC AuthZ - xblock endpoint: identify use cases and match with permissions #177

New issue
New issue
Open
Open
Spike - RBAC AuthZ - xblock endpoint: identify use cases and match with permissions#177
Labels
verawoodReleased in Verawood
@rodmgwgu

Description

@rodmgwgu
rodmgwgu
opened on Jan 19, 2026

Identify use cases that are covered by the xblock endpoint in edx-platorm and figure out what permissions should apply for the different use cases for the AuthZ for Course authoring project.

References:

Discovery findings on endpoints used for the different use cases on Course Authoring: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/5404590081/Technical+Discovery+Notes+-+AuthZ+for+Course+Authoring#On-adding-permissions-to-existing-course-features-on-top-of-existing-API-endpoints

Proposed permissions list: https://openedx.atlassian.net/wiki/spaces/OEPM/pages/5528715266/openedx-authz+permission+list

Expected outcome:

  • Document explaining which use cases are handled by the xblock endpoint, and which permission apply for each use case.
  • An estimation of the work required to implement the new permissions over this endpoint (don't forget to still support old authz flow if the flag is disabled).

Metadata

Metadata

Assignees

No one assigned

    Labels

    verawoodReleased in Verawood

    Type

    No type

    Projects

    RBAC AuthZ Board

    Status

    Ready for Development

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions