Project

General

Profile

Actions

Feature #2685

closed

Display original values of attributes before provisioning changed them

Added by Alena Peterová almost 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
High
Assignee:
Ondrej Husník
Category:
UX
Target version:
Start date:
02/12/2021
Due date:
% Done:

100%

Estimated time:
32.00 h
Owner:

Description

When IdM updates some account on the connected system, we often want to know, how the attributes changed. The provisioning archive displays only new values of the attributes. It would be really useful to add also a new table, which contains the original values of the attributes, before IdM updated them, e.g. here:

Use cases:
  • Some AD admin added a user to some AD group. IdM (correctly) removes the group membership when updating the user account. The user asks, why something in AD doesn't work. The helpdesk looks into the provisioning archive and can see, which group was removed from the user. The helpdesk can request for the role in IdM.
  • Initial cleaning: IdM starts to manage AD. First update of an account (correctly) sets the attributes, e.g. distinguishedName, displayName, description. For the audit reasons, we would like to know their original values.
  • Bug: Incorrect mapping/scripting in IdM causes that some attributes are broken, users are moved to wrong OUs etc. We need to repair the data quickly, so we need to see, what was the correct (original) value.
  • Ability to distinguish changes in the attributes with "Send always" flag (https://redmine.czechidm.com/issues/774)

The additional table could be present also in the active provisioning operations. It doesn't matter that it's empty until "Attributes for provisioning" are computed. Also, if the system is read-only, we could immeditaly see what IdM wants to change and how - good for checking when going into production.


This feature was requested also by our partner.


Files

provisioning_old_values.png (38.9 KB) provisioning_old_values.png Alena Peterová, 02/12/2021 02:48 PM
ProvisDetail.png (54.7 KB) ProvisDetail.png Ondrej Husník, 03/26/2021 10:54 AM

Related issues

Related to IdStory Identity Manager - Task #542: Object diffs during provisiongNewVít Švanda06/27/2017

Actions
Actions #1

Updated by Alena Peterová almost 4 years ago

  • Description updated (diff)
Actions #2

Updated by Radek Tomiška almost 4 years ago

  • Related to Task #542: Object diffs during provisiong added
Actions #3

Updated by Radek Tomiška almost 4 years ago

  • Target version set to 11.0.0
Actions #4

Updated by Radek Tomiška almost 4 years ago

  • Estimated time set to 16.00 h
Actions #5

Updated by Vít Švanda almost 4 years ago

  • Assignee changed from Vít Švanda to Ondrej Husník
Actions #6

Updated by Vít Švanda almost 4 years ago

  • Estimated time changed from 16.00 h to 32.00 h
Actions #7

Updated by Ondrej Husník almost 4 years ago

  • Status changed from New to In Progress
Actions #8

Updated by Ondrej Husník over 3 years ago

There was rearranged the look of the provisioning operation detail. It currently contains only one table with 2 columns. The left column contains original values on the system and the right column current values in the IdM with highlighted provisioned values.

The final appearance will be discussed with others during product presentation.
Please could you provide me a feedback.
https://github.com/bcvsolutions/CzechIdMng/commit/a3639275180be45ab88192dd170ffec4d6036ef0

Actions #9

Updated by Ondrej Husník over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondrej Husník to Vít Švanda
  • % Done changed from 0 to 90
Actions #10

Updated by Vít Švanda over 3 years ago

  • Assignee changed from Vít Švanda to Radek Tomiška
Actions #11

Updated by Radek Tomiška over 3 years ago

  • Assignee changed from Radek Tomiška to Vít Švanda
Actions #12

Updated by Ondrej Husník over 3 years ago

Actions #13

Updated by Ondrej Husník over 3 years ago

Some other minor design changes such as small strategy font, etc. has been implemented.
Please check during feedback also this. Thanks.

https://github.com/bcvsolutions/CzechIdMng/commit/c8ae9853725a778fda62cda37a231b336edb6b5d

Actions #14

Updated by Vít Švanda over 3 years ago

  • Status changed from Needs feedback to In Progress

Review notes:

Actions #15

Updated by Ondrej Husník over 3 years ago

  • Assignee changed from Vít Švanda to Ondrej Husník
Actions #16

Updated by Ondrej Husník over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondrej Husník to Vít Švanda

I refactored method responsible for rearranging of data for provisioning detail table. Currently there is also displayed data which is part of the structure with provisioning changes only. The only currently known attribute which acts like this is PASSWORD.
I also fixed used regular expression so that it is possible to have in the schema attribute name also '()' characters. Good tool for regex testing can be found here.
https://www.regextester.com/

https://github.com/bcvsolutions/CzechIdMng/commit/4c6b28c18691309a79926a7c458da10660d6ffb9

Actions #17

Updated by Vít Švanda over 3 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Vít Švanda to Ondrej Husník

Nice refactoring, thanks for that. Usecases with password only on "right" side and schema attribut with "(..)" chars in name works well now.

I found new problem in case when attribute is changed to null value. In this case is row now highlight.

Actions #18

Updated by Ondrej Husník over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondrej Husník to Vít Švanda

Thanks for your finding. I completely missed this test scenario. I changed the approach to the detection of changes which solves the found issue.

https://github.com/bcvsolutions/CzechIdMng/commit/b42e4b9d636e4cf61da84b202cd9f46cdefae6de

Actions #19

Updated by Ondrej Husník over 3 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Vít Švanda to Ondrej Husník
  • % Done changed from 90 to 80
Actions #20

Updated by Ondrej Husník over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondrej Husník to Vít Švanda

I implemented arranged changes after product presentation. Mainly switch for showing differences which are to be provisioned and changed that color of the question mark help icon. After some tests and consultation Vitek and KOndra I didn't dealt with confidential attributes in the attribute mapping, because this feature is unsupported for provisioning.

Please could you provide me the feedback?
https://github.com/bcvsolutions/CzechIdMng/commit/81cbbc9b1eb32f3103f3b230c0cd91f65d26d706

Actions #21

Updated by Vít Švanda over 3 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Vít Švanda to Ondrej Husník

Works nice. I found two things:

  1. By discussion from the meeting, should be show only changed attributes by default.
  2. State of your switch is not reset if I try to open different provisioning (table is filtered/no filtered, but switch is always off).
Actions #22

Updated by Vít Švanda over 3 years ago

  • Category changed from Provisioning to UX
Actions #23

Updated by Ondrej Husník over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondrej Husník to Vít Švanda

Thank you for your bright perception. Only differences are now displayed by default and switch doesn't suffer from previous issue.
Please review it one more time. Thanks

https://github.com/bcvsolutions/CzechIdMng/commit/04bcfe8e8e45b251220c3cbd758caa213f4d51f3

Actions #24

Updated by Vít Švanda over 3 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Ondrej Husník
  • % Done changed from 80 to 100

It works nice. I am glad that question mark is green now :-). LGTM

Actions #25

Updated by Radek Tomiška over 3 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF