06-06-2023 Consortia questions
Questions to discuss
# | Question | Thoughts, answers |
---|---|---|
1 | SN: Can we use the System user for sharing settings? Is it okay if the system user is affiliated with, for example, 2 tenants, but can save shared records to 60 tenants? | OK: It should be a product decision: use user identity or system user identity. DB: The Share button requires a separate new permission; even if the admin is affiliated with only 2 tenants, with this permission shared settings should be created in all 65 tenants. |
2 | SN: Is it acceptable to store phone numbers and email in the user_tenant central schema? | SN: We are already storing unencrypted user data in member tenants, so I think nothing changes if we store it in the central tenant now as well. RA: We are okay to keep the same approach, but basically need to ask the Security team; has an action item to contact the security team. OK: We are okay; if someone says that it is a concern, we can revisit. We are trying to maintain the same standard that Folio has. Consortium is the single entity. ANSWER: Use the already existing standard approach without encryption, hashing etc. Roman had a conversation with other architects and we have a decision now to keep the existing initial approach without introducing encryption and adding tenant dropdown. |
3 | SN: Do we need to create a shared user and affiliation, or only a shared user, in the central tenant? If we need the affiliation, we also need to modify processing of the USER_DELETED event to delete the affiliation from the central tenant (the shadow user is already deleted in this case). | OK: We should create the shadow user and affiliation in the central tenant. ANSWER: We will create both the shadow user and the affiliation in the central tenant during USER_CREATED, and so will delete both the shadow user and the affiliation during processing of USER_DELETED. |
4 | SN: In case of duplicated usernames, is it okay to log the user in to the central tenant automatically? | SN: For me it's better to log such users in to the central tenant instead of displaying Bad Credentials. OK: We should not allow users to log in at all, because we have a feature to enforce uniqueness. ANSWER: Khamid checked that it is not possible to log in to the central tenant using a shadow user and we have error code username.incorrect in this case, so decided to throw the bad_credentials error code for multiple matching users. |
5 | SN: If Poppy is released and mod-consortia should be enabled, newly created users can be inserted in the user_tenant table in mod-users without email and phone number, and so we need to write some migration script in Q to fetch all tenants to populate the required data. As a solution, can we mention in the release notes that mod-consortia should be disabled for Poppy? | MS: Nobody will use consortia in the Poppy release; let's talk to devops at the Consortia hosting meeting to not enable this module in Poppy. OK: mod-consortia should be disabled by default; how will we deal with optional modules, don't enable them? We should not enable the module. ANSWER: mod-consortia should be disabled, but even if it is enabled, it will not save any data, so we are safe here. |