<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:12:36 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-1336] bootstrap necessary user data in order to use the API</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-1336</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/folio-install/blob/master/single-server.md#create-a-folio-superuser&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-install/blob/master/single-server.md#create-a-folio-superuser&lt;/a&gt; &lt;/p&gt;

&lt;p&gt;The section on setting up initial user and password needs to be modified so it does not refer to building mod-login. We may need additional functionality in mod-login and mod-permisssions to bootstrap a user. Comment Heikki Levanto Adam Dickmeiss Kurt Nordstrom?&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A38d1a08f-86a8-4df2-9191-239b16b0a81a&quot; class=&quot;user-hover&quot; rel=&quot;712020:38d1a08f-86a8-4df2-9191-239b16b0a81a&quot; data-account-id=&quot;712020:38d1a08f-86a8-4df2-9191-239b16b0a81a&quot; accountid=&quot;712020:38d1a08f-86a8-4df2-9191-239b16b0a81a&quot; rel=&quot;noreferrer&quot;&gt;Heikki Levanto&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c38e8d616ac1e4f7cbc660a&quot; class=&quot;user-hover&quot; rel=&quot;5c38e8d616ac1e4f7cbc660a&quot; data-account-id=&quot;5c38e8d616ac1e4f7cbc660a&quot; accountid=&quot;5c38e8d616ac1e4f7cbc660a&quot; rel=&quot;noreferrer&quot;&gt;Kurt Nordstrom&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="80688">FOLIO-1336</key>
            <summary>bootstrap necessary user data in order to use the API</summary>
                <type id="10002" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium">New Feature</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5c706fbb47a54a6728e59df2">Wayne Schneider</assignee>
                                                                <reporter accountid="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d">Jakub Skoczen</reporter>
                                    <labels>
                            <label>ci</label>
                            <label>core</label>
                            <label>sprint42</label>
                            <label>sprint43</label>
                            <label>sprint44</label>
                            <label>sprint45</label>
                    </labels>
                <created>Wed, 11 Jul 2018 13:51:37 +0000</created>
                <updated>Mon, 12 Nov 2018 14:24:48 +0000</updated>
                            <resolved>Fri, 31 Aug 2018 00:02:03 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>5</watches>
                                                                <comments>
                                                            <comment id="194192" author="712020:38d1a08f-86a8-4df2-9191-239b16b0a81a" created="Wed, 11 Jul 2018 14:07:37 +0000"  >&lt;p&gt;Probably the document should also say something about securing the supertenant of the installation. We have already seen random users deleting and disabling modules from our test boxes...&lt;/p&gt;</comment>
                                                            <comment id="194193" author="712020:38d1a08f-86a8-4df2-9191-239b16b0a81a" created="Wed, 11 Jul 2018 14:08:51 +0000"  >&lt;p&gt;The document should use the &lt;tt&gt;pull&lt;/tt&gt; method to find a list of all available modules&lt;/p&gt;</comment>
                                                            <comment id="194194" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Tue, 24 Jul 2018 13:57:57 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt; we discussed that one way to do it is to disable the authtoken module right after &quot;install&quot;, bootstrap the user using the API and re-enable it.&lt;/p&gt;</comment>
                                                            <comment id="194195" author="5c706fbb47a54a6728e59df2" created="Wed, 25 Jul 2018 19:30:32 +0000"  >&lt;p&gt;Here&apos;s the procedure...I could certainly code this in folio-ansible and update the install document, unless it seems too crazy.&lt;/p&gt;

&lt;p&gt;I tested the following procedure on the Vagrant box folio/snapshot:&lt;br/&gt;
1. Disable mod-authtoken by POSTing to &lt;tt&gt;/_/proxy/tenants/diku/install&lt;/tt&gt;:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
[
  {
    &lt;span class=&quot;code-quote&quot;&gt;&quot;id&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;mod-authtoken&quot;&lt;/span&gt;,
    &lt;span class=&quot;code-quote&quot;&gt;&quot;action&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;disable&quot;&lt;/span&gt;
  }
]
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;You get back specific versions of mod-authtoken and anything else in the dependency chain which can be used later to reenable &amp;#8211; eg:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
[
    {
        &lt;span class=&quot;code-quote&quot;&gt;&quot;id&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;folio_organization-2.2.100093&quot;&lt;/span&gt;,
        &lt;span class=&quot;code-quote&quot;&gt;&quot;action&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;disable&quot;&lt;/span&gt;
    },
    {
        &lt;span class=&quot;code-quote&quot;&gt;&quot;id&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;mod-login-saml-1.1.0-SNAPSHOT.23&quot;&lt;/span&gt;,
        &lt;span class=&quot;code-quote&quot;&gt;&quot;action&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;disable&quot;&lt;/span&gt;
    },
    {
        &lt;span class=&quot;code-quote&quot;&gt;&quot;id&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;folio_stripes-core-2.10.3000311&quot;&lt;/span&gt;,
        &lt;span class=&quot;code-quote&quot;&gt;&quot;action&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;disable&quot;&lt;/span&gt;
    },
    {
        &lt;span class=&quot;code-quote&quot;&gt;&quot;id&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;mod-authtoken-1.5.0-SNAPSHOT.22&quot;&lt;/span&gt;,
        &lt;span class=&quot;code-quote&quot;&gt;&quot;action&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;disable&quot;&lt;/span&gt;
    }
]
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;2. Create the user account using the API by POSTing to &lt;tt&gt;/users&lt;/tt&gt; (a fairly minimal record). Set the &lt;tt&gt;X-Okapi-Tenant&lt;/tt&gt; header in your request. &lt;tt&gt;id&lt;/tt&gt; is a required field, use a generated UUID:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
{
  &lt;span class=&quot;code-quote&quot;&gt;&quot;id&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;4337fe58-bb0e-44d8-be95-54f4fbdfc8ea&quot;&lt;/span&gt;,
  &lt;span class=&quot;code-quote&quot;&gt;&quot;username&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;superuser&quot;&lt;/span&gt;,
  &lt;span class=&quot;code-quote&quot;&gt;&quot;active&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;&lt;span class=&quot;code-keyword&quot;&gt;true&lt;/span&gt;&quot;&lt;/span&gt;,
  &lt;span class=&quot;code-quote&quot;&gt;&quot;personal&quot;&lt;/span&gt;: {
    &lt;span class=&quot;code-quote&quot;&gt;&quot;lastName&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;Administrator&quot;&lt;/span&gt;,
    &lt;span class=&quot;code-quote&quot;&gt;&quot;email&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;admin@example.org&quot;&lt;/span&gt;
  }
}
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;3. Create the login user record by POSTing to &lt;tt&gt;/authn/credentials&lt;/tt&gt;. Set the &lt;tt&gt;X-Okapi-Tenant&lt;/tt&gt; header in your request. &lt;tt&gt;userId&lt;/tt&gt; is the same UUID as above.&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
{
  &lt;span class=&quot;code-quote&quot;&gt;&quot;userId&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;4337fe58-bb0e-44d8-be95-54f4fbdfc8ea&quot;&lt;/span&gt;,
  &lt;span class=&quot;code-quote&quot;&gt;&quot;password&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;admin&quot;&lt;/span&gt;
}
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;4. Create the permissions user record by POSTing to &lt;tt&gt;/perms/users&lt;/tt&gt;. Set the &lt;tt&gt;X-Okapi-Tenant&lt;/tt&gt; header in your request. &lt;tt&gt;userId&lt;/tt&gt; is the same UUID as above.&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
{
  &lt;span class=&quot;code-quote&quot;&gt;&quot;userId&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;4337fe58-bb0e-44d8-be95-54f4fbdfc8ea&quot;&lt;/span&gt;,
  &lt;span class=&quot;code-quote&quot;&gt;&quot;permissions&quot;&lt;/span&gt;: [
    &lt;span class=&quot;code-quote&quot;&gt;&quot;perms.all&quot;&lt;/span&gt;
  ]
}
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;5. Re-enable the disabled modules for the tenant by POSTing to &lt;tt&gt;/_/proxy/tenants/&amp;lt;tenantId&amp;gt;/install&lt;/tt&gt;&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
[
    {
        &lt;span class=&quot;code-quote&quot;&gt;&quot;id&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;folio_organization-2.2.100093&quot;&lt;/span&gt;,
        &lt;span class=&quot;code-quote&quot;&gt;&quot;action&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;enable&quot;&lt;/span&gt;
    },
    {
        &lt;span class=&quot;code-quote&quot;&gt;&quot;id&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;mod-login-saml-1.1.0-SNAPSHOT.23&quot;&lt;/span&gt;,
        &lt;span class=&quot;code-quote&quot;&gt;&quot;action&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;enable&quot;&lt;/span&gt;
    },
    {
        &lt;span class=&quot;code-quote&quot;&gt;&quot;id&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;folio_stripes-core-2.10.3000311&quot;&lt;/span&gt;,
        &lt;span class=&quot;code-quote&quot;&gt;&quot;action&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;enable&quot;&lt;/span&gt;
    },
    {
        &lt;span class=&quot;code-quote&quot;&gt;&quot;id&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;mod-authtoken-1.5.0-SNAPSHOT.22&quot;&lt;/span&gt;,
        &lt;span class=&quot;code-quote&quot;&gt;&quot;action&quot;&lt;/span&gt;: &lt;span class=&quot;code-quote&quot;&gt;&quot;enable&quot;&lt;/span&gt;
    }
]
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;6. Grant all permissions to your new user. There is a sample script for doing this at &lt;a href=&quot;https://github.com/folio-org/folio-install/blob/master/load-permissions.pl:&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-install/blob/master/load-permissions.pl:&lt;/a&gt;&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
wget https:&lt;span class=&quot;code-comment&quot;&gt;//raw.githubusercontent.com/folio-org/folio-install/master/load-permissions.pl
&lt;/span&gt;perl load-permissions.pl --user superuser --password admin
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;</comment>
                                                            <comment id="194196" author="5c38e8d616ac1e4f7cbc660a" created="Wed, 25 Jul 2018 19:39:24 +0000"  >&lt;p&gt;I imagine we could automate all of this into one script, couldn&apos;t we?&lt;/p&gt;

&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
bootstrap.py --okapihost localhost --okapiport 9130 --user superuser --password superuserpass
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;(Or bootstrap.pl if we must &lt;img class=&quot;emoticon&quot; src=&quot;/images/icons/emoticons/wink.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt; ).&lt;/p&gt;

&lt;p&gt;The alternative is to have mod-users, mod-login and mod-perms come with a configurable superuser that mod-perms automatically grants all permissions to.&lt;/p&gt;</comment>
                                                            <comment id="194197" author="5c706fbb47a54a6728e59df2" created="Thu, 26 Jul 2018 22:09:34 +0000"  >&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/folio-install/blob/FOLIO-1336-admin-bootstrap/bootstrap-superuser.pl&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-install/blob/FOLIO-1336-admin-bootstrap/bootstrap-superuser.pl&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;img class=&quot;emoticon&quot; src=&quot;/images/icons/emoticons/wink.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt; Sorry, &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c38e8d616ac1e4f7cbc660a&quot; class=&quot;user-hover&quot; rel=&quot;5c38e8d616ac1e4f7cbc660a&quot; data-account-id=&quot;5c38e8d616ac1e4f7cbc660a&quot; accountid=&quot;5c38e8d616ac1e4f7cbc660a&quot; rel=&quot;noreferrer&quot;&gt;Kurt Nordstrom&lt;/a&gt;, it&apos;s perl for now.&lt;/p&gt;

&lt;p&gt;Kurt and I chatted about this. It feels like a script like this is a short-term solution, maybe long-term we do want to have some kind of configurable bootstrap user created for the tenant on module initialization. I&apos;ll check in with the SysOps SIG tomorrow to see if they have any expectations.&lt;/p&gt;</comment>
                                                            <comment id="194198" author="5c706fbb47a54a6728e59df2" created="Fri, 27 Jul 2018 16:32:42 +0000"  >&lt;p&gt;Feedback from the SysOps SIG:&lt;br/&gt;
They have security concerns about a bootstrapped user created by the module itself, they would actually rather run a configurable external script, so they can see what is happening and configure it the way they want. There is a security concern about the procedure relying on an unsecured Okapi supertenant, which is obviously not how you would want to run in production.&lt;/p&gt;

&lt;p&gt;So I would suggest that we look at providing simple steps (and a script) for securing the Okapi supertenant (based on Heikki&apos;s guide at &lt;a href=&quot;https://github.com/folio-org/okapi/blob/master/doc/securing.md&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/okapi/blob/master/doc/securing.md&lt;/a&gt;). The full set of steps might look like:&lt;/p&gt;

&lt;p&gt;1. Enable mod-users, mod-login, mod-permissions for the supertenant&lt;br/&gt;
2. Create a supertenant superuser&lt;br/&gt;
3. Enable mod-authtoken for the supertenant&lt;br/&gt;
4. Use the supertenant superuser to create your tenant with all the modules needed&lt;br/&gt;
5. Use the supertenant superuser to disable mod-authtoken and anything that depends on it for the tenant&lt;br/&gt;
6. Create a tenant superuser&lt;br/&gt;
7. Use the supertenant superuser to re-enable mod-authtoken and friends for the tenant&lt;/p&gt;</comment>
                                                            <comment id="194199" author="5c706fbb47a54a6728e59df2" created="Fri, 27 Jul 2018 16:38:30 +0000"  >&lt;p&gt;Related issue &amp;#8211; 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-778&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-778&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Enforce permissions on Okapi administrative endpoints in CI builds&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-778
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
&lt;/p&gt;</comment>
                                                            <comment id="194200" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Wed, 8 Aug 2018 13:10:39 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt; did you include those steps in folio-install?&lt;/p&gt;</comment>
                                                            <comment id="194201" author="712020:38d1a08f-86a8-4df2-9191-239b16b0a81a" created="Thu, 9 Aug 2018 08:50:10 +0000"  >&lt;p&gt;It would be practical to be able to create the superuser for a tenant automatically, when enabling mod-users the first time. I understand they don&apos;t want to do that in a production system, but it could be implemented so that it does not normally happen, but setting an environment variable would trigger the creation of the superuser. That would make things easier in development scripts etc.&lt;/p&gt;</comment>
                                                            <comment id="194202" author="5c706fbb47a54a6728e59df2" created="Mon, 13 Aug 2018 17:17:56 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A38d1a08f-86a8-4df2-9191-239b16b0a81a&quot; class=&quot;user-hover&quot; rel=&quot;712020:38d1a08f-86a8-4df2-9191-239b16b0a81a&quot; data-account-id=&quot;712020:38d1a08f-86a8-4df2-9191-239b16b0a81a&quot; accountid=&quot;712020:38d1a08f-86a8-4df2-9191-239b16b0a81a&quot; rel=&quot;noreferrer&quot;&gt;Heikki Levanto&lt;/a&gt; &amp;#8211; the user actually needs to be created in 3 places (mod-users, mod-login, mod-permissions), and the UUID of the user in mod-users needs to line up with &lt;tt&gt;userId&lt;/tt&gt; property of the records in mod-login and mod-permissions...so I&apos;m not sure how practical that is.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt; &amp;#8211; I have written a script that accomplishes some of the procedure on a branch of folio-install (&lt;a href=&quot;https://github.com/folio-org/folio-install/blob/136016fed15840a5c8a0f07771a6e31c8e384691/bootstrap-superuser.pl&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-install/blob/136016fed15840a5c8a0f07771a6e31c8e384691/bootstrap-superuser.pl&lt;/a&gt;), but I need to test and script the full procedure and update the documentation.&lt;/p&gt;</comment>
                                                            <comment id="194203" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Wed, 15 Aug 2018 12:40:43 +0000"  >&lt;p&gt;@wayne Okay, thanks.&lt;/p&gt;</comment>
                                                            <comment id="194204" author="5c706fbb47a54a6728e59df2" created="Wed, 29 Aug 2018 20:48:34 +0000"  >&lt;p&gt;This is done, except for securing Okapi. That feels like a slightly separate issue. I&apos;ve asked &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=61cd0ca0bce5e00069e98be7&quot; class=&quot;user-hover&quot; rel=&quot;61cd0ca0bce5e00069e98be7&quot; data-account-id=&quot;61cd0ca0bce5e00069e98be7&quot; accountid=&quot;61cd0ca0bce5e00069e98be7&quot; rel=&quot;noreferrer&quot;&gt;David Crossley&lt;/a&gt; for a PR review, I&apos;m sure he&apos;ll clean up anything else I&apos;ve missed (or at least gently point it out to me).&lt;/p&gt;

&lt;p&gt;I will comment on 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-778&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-778&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Enforce permissions on Okapi administrative endpoints in CI builds&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-778
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 regarding Okapi security, and raise a new issue for implementing this procedure in folio-ansible. &lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                            <outwardlinks description="blocks">
                                        <issuelink>
            <issuekey id="80674">FOLIO-1314</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="80309">FOLIO-778</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="80803">FOLIO-1446</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="80674">FOLIO-1314</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzypin:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10108" key="com.atlassian.jira.plugin.system.customfieldtypes:userpicker">
                        <customfieldname>Tester Assignee</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>61cd0ca0bce5e00069e98be7</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 11 Jul 2018 14:07:37 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>