Project

General

Profile

Feature #2014

Add info about account owner in the virtual request and notification

Added by Alena Peterová 9 months ago. Updated 7 months ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Virtual systems
Target version:
Start date:
01/21/2020
Due date:
% Done:

100%

Estimated time:
Milestones:

Description

Please provide more information about the owner (identity) of the account in the virtual request detail.
Implementers now see only information about the account UID (always) and attributes of the account (only in Create/Update). But they sometimes want more information about owners - e.g. their contract validity, department, manager, ....

E.g. info card with a direct link to the identity would be helpful.

requests.png (195 KB) requests.png Vít Švanda, 03/20/2020 12:05 PM
request-detail.png (70.9 KB) request-detail.png Vít Švanda, 03/20/2020 12:13 PM
notification-vs-detail.png (38.9 KB) notification-vs-detail.png Vít Švanda, 03/20/2020 12:15 PM

Related issues

Related to CzechIdM - Task #2194: Optimize owner loading in virtual system requestsClosed04/07/2020

History

#2 Updated by Vít Švanda 9 months ago

  • Priority changed from Normal to High
  • Target version set to 10.2.0

#3 Updated by Alena Peterová 9 months ago

Please consider also this request: the notification e-mail for the implementer contains also direct link to the identity which owns the account.

#4 Updated by Vít Švanda 7 months ago

  • Status changed from New to In Progress

#5 Updated by Vít Švanda 7 months ago

  • % Done changed from 0 to 50

#6 Updated by Vít Švanda 7 months ago

  • Subject changed from Add info about account owner in the virtual request to Add info about account owner in the virtual request and notification

#7 Updated by Vít Švanda 7 months ago

I improved VS request for show target entity = owner of the account.

  • Its implemented for all types what can be synchronized (Identity, Role, ...).
  • Owner info card is shows on table of a VS requests (instead UID) and on the VS request detail.
  • Email notification for show link on identity profil was also improved. This URL is implemented only for Identity!



Commit: https://github.com/bcvsolutions/CzechIdMng/commit/ab5421cf4b186dd6031cdc9436222786ff13ea27

#8 Updated by Alena Peterová 7 months ago

Thanks for this awesome feature!
Just after more discussion with the team (sorry that there was no real discussion before I created this ticket), we need to have the column UID visible as well. The reason is, that some identities may have multiple logins and multiple virtual accounts, e.g. different for every contract. Then the UID and username of the identities are not the same and it would be chaotic for admins. So please don't hide the column UID from the requests list nor from the virtual request detail.

#9 Updated by Vladimír Kotýnek 7 months ago

In many cases the login for the virtual system account is not the same as the IDM login. In some cases we use attributes like e-mail, userPrincipalName or special "outside-IDM-created" login for our virtual systems. UID in this case represents the actual identifier of the account on the system.

#11 Updated by Radek Tomiška 7 months ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Radek Tomiška to Vít Švanda

I did test and code review, feature works, thx!

Review notes:
  • I'm not sure loading related account end entity is good to ad into #toDto method:
  • This method is called twice, when detail is shown by controller (get + permissions)
  • This method is called four time, when request is approved by controller
  • in table with 10 requests => 21 sql queries is called (this is just fact, context doesn't help from UI table - we need this data to be loaded)
  • maybe context (~filter) can be used here (as eavs) to prevent load account and entity in internall calls => set context for UI only
  • new column is not shown in next / previous unresolved request table on request detail - I'm not sure, if it's needed. It will be the same i hope so (if uid cannot be changed). If it's redundant, there context (~filter) can be used here too to prevent loading :)
  • I'm not sure about security, but i hope is ok to read related entity (identity, role ...), when some request is on me and i basically cannot read e.g. identity agenda.

If answers to all questions / notes above are NO / NO MATTER, then this ticket can be closed :)

#12 Updated by Vít Švanda 7 months ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100

I aggre with optimization of owners loading (only from FE). I created task for it #2194.

#13 Updated by Vít Švanda 7 months ago

  • Related to Task #2194: Optimize owner loading in virtual system requests added

#14 Updated by Radek Tomiška 7 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF

Go to top