Story: Disable User Accounts #441

Closed
15 tasks done
jonnalley opened this issue Sep 12, 2022 · 4 comments
Labels: security-privacy-compliance (Work needed around Security, Privacy, or Compliance), story (A defined user story adhering to expected norms including a narrative)

jonnalley commented Sep 12, 2022

User Story

As an OPS System Admin, I want to disable or remove named users for OPS so that I can better control who is accessing and using OPS and meet all requisite compliance needs.

Acceptance Criteria

  • A user account can be marked as disabled and then re-enabled an indefinite number of times with appropriate log or event history entries recording metadata of each action
    • A notable exception to this should be that the user (User Admin) may not disable their own user account if there are no other active users possessing the System Admin role.
  • A user can view a list of pre-existing user accounts which are active
  • A user can view a list of pre-existing user accounts which include both active/enabled and inactive/disabled accounts.
  • A user that's marked as disabled will not succeed in an attempt to log in to OPS

Tasks

UX Design/Research:

Dev:

  • Create persistent store schema related to the concept of a user account's binary status
  • Create backend code related to the retrieval, listing, and updating of a user account's status
  • Create frontend code related to the retrieval, listing, and updating of a user account's status

Definition of Done Checklist

  • UI works as designed (UX team)
  • PR(s) have been merged to main
  • Design/tech debt eliminated
  • New design/tech debt documented (if applicable)
  • Build process updated
  • Documentation updated or added
  • Feature flags/toggles created

Additional Context & Resources

  • This is "locking" in the database. As opposed to "inactive"
  • This story does not cover topics related to using the users for anything or tying to 3rd party authn/IdP services, etc...
  • A "user" in this context mentioned in the Acceptance Criteria refers to a human consumer of OPS, not a logged in or authenticated user. This is a bootstrapping effort to get RBAC/User management in place
  • Will we need outbound email to confirm the action?
jonnalley added the draft and story labels Sep 12, 2022
jonnalley added the security-privacy-compliance label and removed the draft label Jun 10, 2024
johndeange self-assigned this Jul 11, 2024
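
One way the acceptance criteria above could fit together, as an added example that is not code from the OPS project or from anyone in this thread. `UserStore`, `User`, `LastAdminError`, the `ACTIVE` status and the `SYSTEM_ADMIN` role identifier are hypothetical names, and the rule that only an active System Admin may change a status is an assumption; `LOCKED` is the status value named later in the thread.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

ACTIVE, LOCKED = "ACTIVE", "LOCKED"   # ACTIVE is an assumed name
SYSTEM_ADMIN = "SYSTEM_ADMIN"         # assumed role identifier

class LastAdminError(Exception):
    """The actor is the only active System Admin and tried to lock themselves."""

@dataclass
class User:
    id: int
    roles: set
    status: str = ACTIVE

@dataclass
class UserStore:                      # hypothetical in-memory stand-in for the persistent store
    users: dict = field(default_factory=dict)
    history: list = field(default_factory=list)   # append-only status events

    def add(self, user):
        self.users[user.id] = user

    def list_users(self, include_disabled=False):
        return [u for u in self.users.values()
                if include_disabled or u.status == ACTIVE]

    def set_status(self, actor_id, target_id, new_status):
        if new_status not in (ACTIVE, LOCKED):
            raise ValueError(f"unknown status: {new_status!r}")
        actor, target = self.users[actor_id], self.users[target_id]
        # Assumption: only an active System Admin may change account status.
        if actor.status != ACTIVE or SYSTEM_ADMIN not in actor.roles:
            raise PermissionError("actor must be an active System Admin")
        # Self-disable is refused when no other active System Admin would remain.
        if new_status == LOCKED and actor_id == target_id and not any(
                u.id != actor_id and u.status == ACTIVE and SYSTEM_ADMIN in u.roles
                for u in self.users.values()):
            raise LastAdminError("no other active System Admin remains")
        old, target.status = target.status, new_status
        # Record who changed what and when, for every disable and re-enable.
        self.history.append({"at": datetime.now(timezone.utc).isoformat(),
                             "actor": actor_id, "target": target_id,
                             "from": old, "to": new_status})

    def can_log_in(self, user_id):
        # Unknown and LOCKED accounts are both refused at login.
        user = self.users.get(user_id)
        return user is not None and user.status == ACTIVE
```
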

kimschulke commented Jul 15, 2024

Users that don't log in for 60 days will become inactive users. If this is a mistake and that person needs access again, the system admins would need a way to enable them again. (users deactivated after 60 days would be a separate user story)

Should employees leaving OPRE also become inactive users... or should there be another process for this use case? For example, disable vs deactivate.

We don't want to delete inactive users because we want to maintain their data in OPS.

@jonnalley

I updated #2104 to handle the 60-day auto disable

@johndeange

@kimschulke - If the user turns in their PIV and cannot log into AMS that would effectively prevent them from logging into OPS. Also, for the case where their AMS account is still active the User's status can be set to LOCKED which will prevent them from logging into OPS.

@jonnalley

8/12
