Feature #2685
closed
Display original values of attributes before provisioning changed them
100%
Description
When IdM updates some account on the connected system, we often want to know, how the attributes changed. The provisioning archive displays only new values of the attributes. It would be really useful to add also a new table, which contains the original values of the attributes, before IdM updated them, e.g. here:
- Some AD admin added a user to some AD group. IdM (correctly) removes the group membership when updating the user account. The user asks, why something in AD doesn't work. The helpdesk looks into the provisioning archive and can see, which group was removed from the user. The helpdesk can request for the role in IdM.
- Initial cleaning: IdM starts to manage AD. First update of an account (correctly) sets the attributes, e.g. distinguishedName, displayName, description. For the audit reasons, we would like to know their original values.
- Bug: Incorrect mapping/scripting in IdM causes that some attributes are broken, users are moved to wrong OUs etc. We need to repair the data quickly, so we need to see, what was the correct (original) value.
- Ability to distinguish changes in the attributes with "Send always" flag (https://redmine.czechidm.com/issues/774)
The additional table could be present also in the active provisioning operations. It doesn't matter that it's empty until "Attributes for provisioning" are computed. Also, if the system is read-only, we could immediately see what IdM wants to change and how - good for checking when going into production.
This feature was requested also by our partner.
Updated by Radek Tomiška almost 4 years ago
- Related to Task #542: Object diffs during provisiong added
Updated by Vít Švanda almost 4 years ago
- Assignee changed from Vít Švanda to Ondrej Husník
Updated by Vít Švanda almost 4 years ago
- Estimated time changed from 16.00 h to 32.00 h
Updated by Ondrej Husník almost 4 years ago
- Status changed from New to In Progress
Updated by Ondrej Husník over 3 years ago
- File ProvisDetail.png ProvisDetail.png added
The look of the provisioning operation detail was rearranged. It currently contains only one table with 2 columns. The left column contains the original values on the system and the right column the current values in IdM, with provisioned values highlighted.
The final appearance will be discussed with others during product presentation.
Could you please provide me with feedback?
https://github.com/bcvsolutions/CzechIdMng/commit/a3639275180be45ab88192dd170ffec4d6036ef0
Updated by Ondrej Husník over 3 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
- % Done changed from 0 to 90
Updated by Vít Švanda over 3 years ago
- Assignee changed from Vít Švanda to Radek Tomiška
Updated by Radek Tomiška over 3 years ago
- Assignee changed from Radek Tomiška to Vít Švanda
Updated by Ondrej Husník over 3 years ago
I added help for new reorganized columns as we spoke about.
https://github.com/bcvsolutions/CzechIdMng/commit/929c8e3c894d1da74c7714bbc2a41783e8554a23
Updated by Ondrej Husník over 3 years ago
Some other minor design changes, such as a small strategy font, etc., have been implemented.
Please also check this during feedback. Thanks.
https://github.com/bcvsolutions/CzechIdMng/commit/c8ae9853725a778fda62cda37a231b336edb6b5d
Updated by Vít Švanda over 3 years ago
- Status changed from Needs feedback to In Progress
Review notes:
- I found a potential problem in the method by which you pair IdM and system keys. You are using a regular expression to cut the original schema name. This will not work if the schema attribute contains "()".
- FE: ProvisioningOperations - There are two ESLint warnings.
- Please use our "standard" format for streams -> only one dot per row. (https://github.com/bcvsolutions/CzechIdMng/commit/a3639275180be45ab88192dd170ffec4d6036ef0#diff-7069825c985258388ed78204cd230df23df4cd6714c8080784cec4c2f9866a8fR853-R858)
- In Javadoc and comments, please use a capital first letter and a dot at the end (I like it more :-) ).
Updated by Ondrej Husník over 3 years ago
- Assignee changed from Vít Švanda to Ondrej Husník
Updated by Ondrej Husník over 3 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
I refactored the method responsible for rearranging the data for the provisioning detail table. Currently, data which is part of the structure with provisioning changes only is also displayed. The only currently known attribute which acts like this is PASSWORD.
I also fixed the regular expression used, so that it is possible to have '()' characters in the schema attribute name as well. A good tool for regex testing can be found here.
https://www.regextester.com/
https://github.com/bcvsolutions/CzechIdMng/commit/4c6b28c18691309a79926a7c458da10660d6ffb9
Updated by Vít Švanda over 3 years ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Ondrej Husník
Nice refactoring, thanks for that. Use cases with the password only on the "right" side and a schema attribute with "(..)" chars in its name work well now.
I found a new problem in the case when an attribute is changed to a null value. In this case is row now highlight.
Updated by Ondrej Husník over 3 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
Thanks for your finding. I completely missed this test scenario. I changed the approach to the detection of changes which solves the found issue.
https://github.com/bcvsolutions/CzechIdMng/commit/b42e4b9d636e4cf61da84b202cd9f46cdefae6de
Updated by Ondrej Husník over 3 years ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Ondrej Husník
- % Done changed from 90 to 80
Updated by Ondrej Husník over 3 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
I implemented the changes arranged after the product presentation. Mainly a switch for showing the differences which are to be provisioned, and I changed the color of the question mark help icon. After some tests and consultation with Vitek and KOndra, I didn't deal with confidential attributes in the attribute mapping, because this feature is unsupported for provisioning.
Could you please provide me with feedback?
https://github.com/bcvsolutions/CzechIdMng/commit/81cbbc9b1eb32f3103f3b230c0cd91f65d26d706
Updated by Vít Švanda over 3 years ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Ondrej Husník
Works nice. I found two things:
- Per the discussion from the meeting, only changed attributes should be shown by default.
- The state of your switch is not reset if I try to open a different provisioning (table is filtered/not filtered, but switch is always off).
Updated by Vít Švanda over 3 years ago
- Category changed from Provisioning to UX
Updated by Ondrej Husník over 3 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
Thank you for your bright perception. Only differences are now displayed by default and switch doesn't suffer from previous issue.
Please review it one more time. Thanks
https://github.com/bcvsolutions/CzechIdMng/commit/04bcfe8e8e45b251220c3cbd758caa213f4d51f3
Updated by Vít Švanda over 3 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Ondrej Husník
- % Done changed from 80 to 100
It works nice. I am glad that question mark is green now :-). LGTM
Updated by Radek Tomiška over 3 years ago
- Status changed from Resolved to Closed
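
The comparison this ticket discusses (original values on the system beside the values to be provisioned, an attribute set to null still counted as a change, only differences shown by default), as an added example that is not CzechIdM code. The function names, the data shapes and the sample account are assumptions made for illustration.

```javascript
// Added example: names and data shapes are hypothetical, not the project's own.
const isEmpty = (v) =>
  v === null || v === undefined || (Array.isArray(v) && v.length === 0);

// Multi-valued attributes (e.g. group membership) are compared as sets.
function sameValue(a, b) {
  if (isEmpty(a) && isEmpty(b)) return true;
  if (isEmpty(a) || isEmpty(b)) return false;
  if (Array.isArray(a) || Array.isArray(b)) {
    const sa = new Set([].concat(a).map(String));
    const sb = new Set([].concat(b).map(String));
    return sa.size === sb.size && [...sa].every((x) => sb.has(x));
  }
  return String(a) === String(b);
}

// Pair both sides by exact attribute name, so names containing "()" need
// no pattern matching. One row per attribute: original vs. provisioned.
function buildDiffRows(systemValues, provisioningValues) {
  const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
  const names = new Set([
    ...Object.keys(systemValues),
    ...Object.keys(provisioningValues),
  ]);
  return [...names].sort().map((name) => {
    const inProvisioning = has(provisioningValues, name);
    const original = has(systemValues, name) ? systemValues[name] : null;
    const provisioned = inProvisioning ? provisioningValues[name] : null;
    // A key present with null is an explicit clear and counts as a change;
    // a key absent from provisioning is left untouched on the system.
    const changed = inProvisioning && !sameValue(original, provisioned);
    return { name, original, provisioned, changed };
  });
}

// Default view shows only differences; the switch reveals every row.
const visibleRows = (rows, showAll = false) =>
  showAll ? rows : rows.filter((r) => r.changed);

// Constructed sample account (not real data).
const sampleSystem = {
  displayName: 'John Doe', description: 'legacy note', 'ext(custom)': 'x',
  memberOf: ['CN=App,OU=Groups', 'CN=Manual,OU=Groups'],
};
const sampleProvisioning = {
  displayName: 'John Doe', description: null, 'ext(custom)': 'x',
  memberOf: ['CN=App,OU=Groups'], PASSWORD: '*****',
};
console.log(visibleRows(buildDiffRows(sampleSystem, sampleProvisioning)));
```
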