System and Tenant-level Users

NOTICE

This decision has been archived as it was deemed irrelevant based on feedback from the Owner.

Overview

There are several scenarios where modules need a system or tenant-level user. Requirements and various scenarios are captured in FOLIO-2551. Ideally we can solve this at the platform level and apply it in a consistent manner.

Scenarios

This is a work in progress - see the JIRA linked above for additional details.

  • A module needs to perform asynchronous actions which involve calling other modules.  In order to make the request an okapi token is required, suggesting that there's a user context.
  • A module needs to write/update records in the DB out of band - i.e. outside the context of a request.  A user context is needed to set record metadata.
  • Edge APIs use manually provisioned institutional users to make calls into FOLIO.  It would be nice if these did not have to be manually created and managed.
  • TBD

Other Considerations

  • It would be nice if these system/tenant users could be hidden from the users app to reduce the risk of being accidentally changed/removed/etc.  It may also be desirable for these to be invisible to librarians to help cut down on clutter in the users app.
  • The secret storage design effort may overlap here depending on the approach we take.  See FOLIO secrets management.
  • Should these users have their own immutable permission sets?
  • Should these users have their own immutable patron groups?
  • A solution architect (Vasily Gancharov) had started investigating this, but left the project before the work was completed.  VBar may know where to find that work.  It's unclear how far Vasily got, or if anything helpful exists.
  • TBD

JIRAs

Decision

Status

IN PROGRESS

Stakeholders

Developers, SysOps, Hosting providers

Outcome

TBD

Created date

  

Owner

Jakub Skoczen, Mikhail Fokanov