Support system user in Storage #501

Open
6 tasks
Tracked by #84
SandGrainOne opened this issue Sep 20, 2024 · 0 comments
Labels
kind/user-story Used for issues that describes functionality for our users. status/draft Status: When you create an issue before you have enough info to properly describe the issue.

Comments

@SandGrainOne
Member

SandGrainOne commented Sep 20, 2024

Description

This is a list of tasks and changes that need to be done before we can say that Storage supports system users.

Additional Information

This issue is based on the analysis performed in #471.

Use case: A system user (representing a user - i.e. sending a party-id) instantiates an instance and populates it with data. E.g. the MVA-report.

Tasks

Authorization

  • Update to a version of the Altinn.Common.PEP package with support for SystemUser authorization
  • Update all custom Authorization logic to include system user as AccessSubject in Authorization requests.
    The assumption is that we're mostly using the PEP package and the containing DecisionHelper, but there might be exceptions.

Metadata updates:

  • Search for places where the Instance.CreatedBy property is set. Update the logic to use the organization number of the system owner when caller is a system.
  • Search for places where the Instance.LastChangedBy property is set. Update the logic to use the organization number of the system owner when caller is a system.
  • Search for places where the DataElement.CreatedBy property is set. Update the logic to use the organization number of the system owner when caller is a system.
  • Search for places where the DataElement.LastChangedBy property is set. Update the logic to use the organization number of the system owner when caller is a system.
  • Expand the PlatformUser class with properties for: SystemUserId (guid), SystemUserOwner (string) and SystemUserName.
  • Search for all usage (assignments) of the PlatformUser class and populate the new properties when data is available.
  • Update the logic setting the ProcessHistoryItem.PerformedBy property to support an InstanceEvent created with a system user.
  • Update IdentityTelemetryFilter to handle system users

Authentication

Not decided yet (optional future improvement):

Blockers

  1. kind/user-story status/draft
    TheTechArch

Acceptance criteria:

  • Component accepts and responds to calls from system users
    • If the feature flag is "off", the component gracefully denies calls from system users
  • Component behaves as before for calls from other users