Feature #2685
closed
Display original values of attributes before provisioning changed them
Added by Alena Peterová almost 4 years ago.
Updated over 3 years ago.
Description
When IdM updates some account on the connected system, we often want to know, how the attributes changed. The provisioning archive displays only new values of the attributes. It would be really useful to add also a new table, which contains the original values of the attributes, before IdM updated them, e.g. here:
Use cases:
- Some AD admin added a user to some AD group. IdM (correctly) removes the group membership when updating the user account. The user asks, why something in AD doesn't work. The helpdesk looks into the provisioning archive and can see, which group was removed from the user. The helpdesk can request for the role in IdM.
- Initial cleaning: IdM starts to manage AD. First update of an account (correctly) sets the attributes, e.g. distinguishedName, displayName, description. For the audit reasons, we would like to know their original values.
- Bug: Incorrect mapping/scripting in IdM causes that some attributes are broken, users are moved to wrong OUs etc. We need to repair the data quickly, so we need to see, what was the correct (original) value.
- Ability to distinguish changes in the attributes with "Send always" flag (https://redmine.czechidm.com/issues/774)
The additional table could be present also in the active provisioning operations. It doesn't matter that it's empty until "Attributes for provisioning" are computed. Also, if the system is read-only, we could immeditaly see what IdM wants to change and how - good for checking when going into production.
This feature was requested also by our partner.
Files
- Description updated (diff)
- Related to Task #542: Object diffs during provisiong added
- Target version set to 11.0.0
- Estimated time set to 16.00 h
- Assignee changed from Vít Švanda to Ondrej Husník
- Estimated time changed from 16.00 h to 32.00 h
- Status changed from New to In Progress
There was rearranged the look of the provisioning operation detail. It currently contains only one table with 2 columns. The left column contains original values on the system and the right column current values in the IdM with highlighted provisioned values.
The final appearance will be discussed with others during product presentation.
Please could you provide me a feedback.
https://github.com/bcvsolutions/CzechIdMng/commit/a3639275180be45ab88192dd170ffec4d6036ef0
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
- % Done changed from 0 to 90
- Assignee changed from Vít Švanda to Radek Tomiška
- Assignee changed from Radek Tomiška to Vít Švanda
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Ondrej Husník
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Ondrej Husník
Nice refactoring, thanks for that. Usecases with password only on "right" side and schema attribut with "(..)" chars in name works well now.
I found new problem in case when attribute is changed to null value. In this case is row now highlight.
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Ondrej Husník
- % Done changed from 90 to 80
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
I implemented arranged changes after product presentation. Mainly switch for showing differences which are to be provisioned and changed that color of the question mark help icon. After some tests and consultation Vitek and KOndra I didn't dealt with confidential attributes in the attribute mapping, because this feature is unsupported for provisioning.
Please could you provide me the feedback?
https://github.com/bcvsolutions/CzechIdMng/commit/81cbbc9b1eb32f3103f3b230c0cd91f65d26d706
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Ondrej Husník
Works nice. I found two things:
- By discussion from the meeting, should be show only changed attributes by default.
- State of your switch is not reset if I try to open different provisioning (table is filtered/no filtered, but switch is always off).
- Category changed from Provisioning to UX
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Ondrej Husník
- % Done changed from 80 to 100
It works nice. I am glad that question mark is green now :-). LGTM
- Status changed from Resolved to Closed
Also available in: Atom
PDF
