Task
Resolution: Done
Critical
CRCPLAN-232 - AuthZ | PRBAC v2 Service Provider Migration Initiation (Internal)
Access & Management Sprint 96, Access & Management Sprint 97, Access & Management Sprint 98
We can't use the principal's UUID created by RBAC in the relationships, because that would mean any permission check would need the UUID from RBAC.
We also don't want to use username because we don't want to store PII in the Relations data, and usernames can change in some circumstances.
The user service user ID (sub value from properly formed tokens) should be used instead.
- Make use of the exported data from IT DBA to populate this.
- Update principal objects to store this information so it can be leveraged by dual write & default group migrator.
This will be a ClowderJobInvocation using an RBAC command.
This should probably be combined with RHCLOUD-34859.
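A sketch of the backfill described above, as an added example that is not the RBAC project's own code: it joins exported user rows to principals, stores the user service ID, and builds membership tuples keyed on that ID only. The `Principal` class, the export column names, exact-match joining on org ID plus username, and the tuple string format are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Principal:                      # hypothetical stand-in for an RBAC principal
    uuid: str                         # generated by RBAC, unknown to other services
    org_id: str
    username: str                     # PII and may change, so never put in a tuple
    user_id: Optional[str] = None     # user service ID (the token's sub value)


def backfill_user_ids(principals, export_rows):
    """Set user_id from exported rows; return the principals left unresolved."""
    by_key, conflicts = {}, set()
    for row in export_rows:
        key = (row["org_id"], row["username"])
        if key in by_key and by_key[key] != row["user_id"]:
            conflicts.add(key)        # same org and username, two IDs: ambiguous
        by_key[key] = row["user_id"]
    unresolved = []
    for p in principals:
        key = (p.org_id, p.username)
        if key in conflicts or key not in by_key:
            unresolved.append(p)      # leave user_id unset rather than guess
        else:
            p.user_id = by_key[key]
    return unresolved


def member_tuple(group_uuid, principal):
    """Build a group#member@principal tuple from user_id, never uuid or username."""
    if not principal.user_id:
        raise ValueError("principal has no user_id; backfill it first")
    return f"group:{group_uuid}#member@principal:{principal.user_id}"


if __name__ == "__main__":
    # Constructed sample data, not taken from any real export.
    principals = [Principal("u-1", "org1", "alice"), Principal("u-2", "org2", "carol")]
    rows = [{"user_id": "1001", "username": "alice", "org_id": "org1"}]
    print([p.username for p in backfill_user_ids(principals, rows)])
    print(member_tuple("g-1", principals[0]))
```

Principals returned as unresolved keep an empty `user_id`, so a later tuple write for them fails loudly instead of falling back to a username or RBAC UUID.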
- depends on
  - RHCLOUD-34860 (Closed): Create script to export user DB data (user id, username, org id, admin role); run in stage and prod to get
- is depended on by
  - RHCLOUD-34511 (In Progress): In order to maintain access continuity, add and maintain tenanted default groups for all tenants and all users
  - RHCLOUD-35448 (Closed): Start using Principal.user_id for group#member@principal tuples