prime-simplereport icon indicating copy to clipboard operation
prime-simplereport copied to clipboard
verified publisher icon CDCgov

Initiate rolling migration, phase 1

Open mehansen opened this issue 1 year ago • 0 comments

Background

We would like to migrate user roles, org membership, and facility membership to be stored within the SimpleReport app, as opposed to managing it in Okta. This will increase stability of the app and improve code readability and extensibility, among other benefits. The goal of this ticket is to begin the migration of user role data into our tables.

Change requested

Change the code that updates user role and facility/org membership in Okta to also update our data. Create entries in the ApiUserFacility and ApiUserRole tables or update existing entries.

Acceptance criteria

  • if I update a user's role or organization through any means, they should be moved to the correct role groups within Okta (no change from current behavior)
  • if I update a user's role or organization through any means, the user's role and org ID should be accurately reflected in the ApiUserRole table
  • if I update a user's facility access through any means, they should be moved to the correct facility groups within Okta (no change from current behavior)
  • if I update a user's facility access through any means, the user's facility access should be accurately reflected in the ApiUserFacility table

Updating a user's role or organization or facility access can happen via:

  • the Manage users page in the org admin settings
  • the Manage users page in the support admin page
  • certain graphQL mutations called by the above 2 pages (there may also be extra mutations laying around that we should be aware of)

Dependencies

  • #7594

Open questions

Q: What did we decide to do for representing that a user has ALL_FACILITY access? A: this would be a role assignment reflected as a row in the ApiUserRole table What kind of audit logging (if any) do we want to do for this?

Notes

Need to touch base with support to reiterate that they should not modify users or groups in Okta at all since this will cause data to be out of sync.

Additional context

Main design doc Design doc - backend Design doc - data migration plan Okta migration tickets plan Okta tech talk Okta tech talk part 2

mehansen avatar Apr 23 '24 22:04 mehansen