fieldenms
Security Matrix: security tokens + auditability
Description
Security tokens need to be introduced for entity SecurityRoleAssociation to improve the access granularity for Security Matrix instead of having all or nothing approach.
In addition, to extend generic auditing of changes to Security Matrix, entity SecurityRoleAssociation needs to become activatable, support for deletion removed, and the logic for removing token access should be changed to deactivating corresponding instances of SecurityRoleAssociation instead of deleting them. The absence of an instance of SecurityRoleAssociation for a role/token association should still be supported as presently. This will ensure ease of migration to the updated lifecycle.
-
[x] 1.
SecurityRoleAssociation_CanRead_Tokenshould be used to control the ability to load Security Matrix and readSecurityRoleAssociation. -
[x] 2.
SecurityRoleAssociation_CanReadModel_Tokenshould be used to control the ability to read the model information aboutSecurityRoleAssociation. -
[x] 3.
SecurityRoleAssociation_CanSave_Tokenshould be used to control the ability to saveSecurityRoleAssociation. -
[x] 4. Make
SecurityRoleAssociationactivatable and adjust the logic for removing token access to deactivated instances instead of removing them. -
[x] 5. Provide the relevant unit test.
This issue should likely be implemented after #2421 is merged, or as a branch off Issue-#2421.
Change overview
New security tokens were added to guard viewing and editing of the Security Matrix.
A user who cannot view the Security Matrix will see the following window:
A user who can view but cannot save edited security tokens will see the following error:
A user who tries to disable editing or viewing of the Security Matrix for themselves will see the following error:
Expected outcome
Improved security control and support for generic auditing of changes to SecurityRoleAssociation. Please not that the work associated with actually enabling auditing of SecurityRoleAssociation should be covered by a separate issue.
