SPIKE: System and Tenant Level Users - Requirements
Activity

Raman Auramau June 14, 2021 at 1:06 PM
I'm making the ticket unassigned for now since I'm not working on it and actually am not aware of the context. Potentially I can take a look some time, but currently I have no capacity for that.

Hanna Hulevich May 20, 2021 at 11:09 AM
Hi,
I was told by that you are working on it and this ticket should be assigned to you. Could you please clarify? Thank you in advance!

Raman Auramau May 20, 2021 at 10:39 AM
Hi - Frankly I'm not quite catching up on what this is about.
Is this about work with secrets? If so, then one of my current activities is really connected to the secrets management proposal, though it does not seem to be related to the System and Tenant Level Users topic.

Hanna Hulevich May 17, 2021 at 1:37 PM
Hi, I was told you are working on this. Could you please clarify if this is done or not, and probably we need to reassign this from Core Platform?
CC

Craig McNally April 19, 2021 at 2:35 PM
I don't think Vasily is on the project anymore.
I don't think this is a security issue in and of itself, but not having this functionality leads developers down paths which often end in security issues. for example.

Overview
The topic of system and tenant level users has come up a few times in various contexts. This investigation is to gather requirements and use cases in a single place.
- Edge APIs use "institutional users". These are essentially tenant-level users.
  - For now provisioning of these users must be done manually, including granting permissions, etc.
  - The login credentials for these institutional users must be stored in a secret store where the edge API can access them.
- discusses the need/desire for system or tenant-level users in the context of record metadata.
  - If the system creates/modifies a record and there is no user context, what should be used in the record metadata?
- Loading sample/reference data when enabling a module for a tenant
- mod-pub-sub
  - TBD
- Most recently, there were discussions about system user used by certain modules, for example mod-search and mod-pubsub. See discussion of this PR
Link to the description of the possible approaches: https://folio-org.atlassian.net/wiki/display/~mikhail.fokanov/Module+users+in+Folio