<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:21:45 UTC 2024

-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[MODOAIPMH-243] update edge module institutional user permissions</title>
                <link>https://folio-org.atlassian.net/browse/MODOAIPMH-243</link>
                <project id="10151" key="MODOAIPMH">mod-oai-pmh</project>
                    <description>&lt;p&gt;The edge module user needs some additional permissions:&lt;/p&gt;

&lt;p&gt;for edge-oai-pmh:&lt;br/&gt;
configuration.entries.collection.get&lt;/p&gt;

&lt;p&gt;I also noticed edge patron also has &quot;circulation.requests.item.get&quot; in the README, but we&apos;re not giving that. &lt;/p&gt;</description>
                <environment></environment>
        <key id="64755">MODOAIPMH-243</key>
            <summary>update edge module institutional user permissions</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10000">Won&apos;t Do</resolution>
                                                        <assignee accountid="70121:be6f0bd2-e000-4943-9f66-4e6e78213e31">Kruthi Vuppala</assignee>
                                                                <reporter accountid="5cd423bebc70090d6ce241b1">Ian Hardy</reporter>
                                    <labels>
                    </labels>
                <created>Tue, 5 May 2020 16:09:36 +0000</created>
                <updated>Tue, 22 Dec 2020 20:46:26 +0000</updated>
                            <resolved>Tue, 22 Dec 2020 20:46:26 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>6</watches>
                                                                <comments>
                                                            <comment id="157335" author="5cd423bebc70090d6ce241b1" created="Tue, 5 May 2020 17:18:52 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=59fcc2d9c14d1e37ad1dd36e&quot; class=&quot;user-hover&quot; rel=&quot;59fcc2d9c14d1e37ad1dd36e&quot; data-account-id=&quot;59fcc2d9c14d1e37ad1dd36e&quot; accountid=&quot;59fcc2d9c14d1e37ad1dd36e&quot; rel=&quot;noreferrer&quot;&gt;Dmytro Popov&lt;/a&gt; we had a couple of questions. When we first set up edge modules we gave the institutional user &quot;diku&quot; in this case permissions to the corresponding Okapi module. For example, the user for edge-oai-pmh gets oai-pmh.all from mod-oai-pmh. So the edge module talks to its partner Okapi module (mod-oai-pmh) in this case for everything it needs.&lt;/p&gt;

&lt;p&gt;Is there a configuration that needs to apply to edge-oai-pmh module that&apos;s different than what would apply to mod-oai-pmh? It&apos;s certainly possible to apply the additional permission to the user if needed (I&apos;ve noticed this is already done for edge-patron for example). &lt;/p&gt;</comment>
                                                            <comment id="157336" author="59fcc2d9c14d1e37ad1dd36e" created="Tue, 5 May 2020 17:58:21 +0000"  >&lt;p&gt;We are working on a feature that requires making calls to mod-configuration from inside the edge-oai-pmh module and this is not an RMB-based module that uses the user diku to make calls to OKAPI. The mod-oai-pmh is a regular rmb module that is registered in OKAPI. In Folio UI we create settings in mod-configuration and some of them need to be read in edge-oai-pmh, for instance switching edge API on/off. There are others too.&lt;/p&gt;</comment>
                                                            <comment id="157337" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Tue, 5 May 2020 19:23:24 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=59fcc2d9c14d1e37ad1dd36e&quot; class=&quot;user-hover&quot; rel=&quot;59fcc2d9c14d1e37ad1dd36e&quot; data-account-id=&quot;59fcc2d9c14d1e37ad1dd36e&quot; accountid=&quot;59fcc2d9c14d1e37ad1dd36e&quot; rel=&quot;noreferrer&quot;&gt;Dmytro Popov&lt;/a&gt; could you expose those settings to edge-oai-pmh via a webservice in mod-oai-pmh and grant access to mod-configuration via modulePermissions?&lt;/p&gt;</comment>
                                                            <comment id="157338" author="59fcc2d9c14d1e37ad1dd36e" created="Wed, 6 May 2020 08:25:44 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt; That would result in sub-optimal resource usage and http round-trips, which would increase load on the system. Moreover, it would have a negative effect on our deliverables for Q2 as we would need to rewrite the existing mechanism.&lt;/p&gt;

&lt;p&gt;Here are a couple of examples: &lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Consider switching edge api on/off based on a configuration setting.&lt;br/&gt;
We either make one call to mod-configuration and respond to the edge api client with an error. Or we make a call to mod-oai-pmh, it makes a call to mod-configuration, it then finds a setting and responds to edge. Then edge responds to the client with an error. This results in an extra http request and load on the system. And as it happens there is no web service in the oai-pmh module and that would require additional effort.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Additionally there are configuration settings that need to be processed in the edge module:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;According to the requirements and their current implementation, there are validation checks against inbound requests in the edge module before getting data from Folio (mod-oai-pmh). We are adding new validation checks and, according to the business rules, some of the checks depend on the settings in mod-configuration and some do not.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Could you share your concerns on account of granting the necessary permissions to the edge module?&lt;br/&gt;
Alternatively, creating another user for edge-modules would solve the issue. What do you think about it?&lt;/p&gt;</comment>
                                                            <comment id="157339" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Wed, 6 May 2020 13:12:45 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cf6c546b87c300f36eb7b9a&quot; class=&quot;user-hover&quot; rel=&quot;5cf6c546b87c300f36eb7b9a&quot; data-account-id=&quot;5cf6c546b87c300f36eb7b9a&quot; accountid=&quot;5cf6c546b87c300f36eb7b9a&quot; rel=&quot;noreferrer&quot;&gt;Craig McNally&lt;/a&gt; let&apos;s link that with the mod-configuration issue about storing sensitive information (if one exists)&lt;/p&gt;</comment>
                                                            <comment id="157340" author="5cf6c546b87c300f36eb7b9a" created="Thu, 7 May 2020 02:33:18 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt; - done.&lt;/p&gt;

&lt;p&gt;Just my 2 cents here... Granting the permission to the institutional (diku) user is the easy thing to do here, and really it&apos;s safe unless the diku credentials are compromised.  The resulting token is never exposed to the end user calling the edge API and it&apos;s the edge API that&apos;s making the calls into FOLIO.&lt;/p&gt;

&lt;p&gt;I&apos;ve voiced my concern over the use of mod-configuration before (elsewhere), but that mostly concerns the storage of sensitive information.  I do think a distributed configuration model is really a better way to go in general (see &lt;span class=&quot;jira-issue-macro&quot; data-jira-key=&quot;FOLIO-2583&quot;&gt;&lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2583&quot; class=&quot;jira-issue-macro-key issue-link&quot; title=&quot;Spike: Distributed configuration&quot;&gt;FOLIO-2583&lt;/a&gt; &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-complete jira-macro-single-issue-export-pdf&quot;&gt;Open&lt;/span&gt;&lt;/span&gt; linked above).&lt;/p&gt;

&lt;p&gt;Final note:  This overlaps with another topic that&apos;s on the TC&apos;s architectural blueprint topic list - system and institutional users.  Ideally we wouldn&apos;t have to manually provision these institutional users.  To tie this in with that conversation I&apos;ve linked this to another story - &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2551&quot;&gt;&lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2551&quot; class=&quot;jira-issue-macro-key issue-link&quot; title=&quot;SPIKE:  System and Tenant Level Users - Requirements&quot;&gt;FOLIO-2551&lt;/a&gt; &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;</comment>
                                                            <comment id="157341" author="59fcc2d9c14d1e37ad1dd36e" created="Thu, 7 May 2020 15:23:06 +0000"  >&lt;p&gt;@All Thank you for your time. The security breach that might happen by granting additional permissions to diku made me think it is much better to leave mod-oai-pmh talking to Okapi than granting additional permissions to the edge module.&lt;/p&gt;</comment>
                                                            <comment id="157342" author="70121:be6f0bd2-e000-4943-9f66-4e6e78213e31" created="Thu, 17 Dec 2020 17:36:36 +0000"  >&lt;p&gt;After reading the comments and corresponding stories, looks like mod-configuration is not a dependency on edge-oai-pmh anymore. This is the story that moves the config logic to mod-oai-pmh: &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODOAIPMH-131&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/browse/MODOAIPMH-131&lt;/a&gt;.&lt;br/&gt;
We don&apos;t need this story anymore, as the description is not valid.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10008">
                    <name>Defines</name>
                                            <outwardlinks description="defines">
                                        <issuelink>
            <issuekey id="11611">UXPROD-2740</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="79625">FOLIO-2583</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81652">FOLIO-2551</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10007">
                    <name>Requires</name>
                                                                <inwardlinks description="is required by">
                                        <issuelink>
            <issuekey id="37294">EDGOAIPMH-43</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10143"><![CDATA[Concorde]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i021u5:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="27">Concorde - Sprint 104</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10044" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.5</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 5 May 2020 17:58:21 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>