M2 - RBAC AuthZ - Admin Console UI for Courses, plus higher level scopes #182
Description
Purpose
Ship the Administrative Console surfaces to manage course roles using the AuthZ service, and unlock bulk and cross scope operations so admins stop repeating the same assignment dozens of times.
Definition of Done
- Courses are a first class resource in the Console.
- Console supports a course scoped team view that lists local members and their roles.
- Console also shows other users with access via higher scopes in a separate section.
- Cross scope assignment and revocation is live for the agreed scopes.
- Admin can assign and revoke roles on: All courses, All courses in Org X, All libraries, All libraries in Org X.
- Bulk operations exist for many users on one scope and one user across related scopes, aligned with the scopes above.
- Auditability is included.
- Every assignment and revocation is auditable, who did it, when, and on which scope.
- Entry points exist from Studio to the Console.
- A deep link from Studio opens the Console in the correct course context, with a clear back path.
- A general entry point from Studio also exists for cross scope navigation and review.
- Baseline UX filters for cross scope review.
- Filters exist for resource type, scope level, and basic search (user, course, library).
Dependencies
- A working staging environment exists for this work, otherwise it is created as part of the milestone.
- M0 and M1 foundations exist, meaning the AuthZ service models the legacy roles and the transition story is stable.