-
Sub-task
-
Resolution: Done
-
Normal
-
None
-
None
-
False
-
-
False
-
Unset
-
CRCPLAN-232 - AuthZ | PRBAC v2 Service Provider Migration Initiation (Internal)
-
-
-
A&M Tech Debt Q10, Access & Management Sprint 95, Access & Management Sprint 95, Access & Management Sprint 96, Access & Management Sprint 97, Access & Management Sprint 98, Access & Management Sprint 99, Access & Management Sprint 100
We'll do a similar protocol as other bulk import / migration processes (like Notifications):
- Pause listener / ongoing sync
- Run import job
- Resume listener
This ensures that disabled users are not re-enabled by the import. If we didn't do this, then this scenario could happen:
- Import job starts with exported state of user 1 as enabled
- User 1 is disabled
- Listener disables user 1
- Import job imports user 1 but prior to disabled state
This would mean user 1 would have access even though they are disabled.
The protocol above prevents this. It requires a toggle which, when off, does NOT consume messages, and when on, resumes consumption from when the toggle was last turned off.
Q&A
How frequent are user events?
About 5-8k / day, see splunk query
`umbbreadcrumb(environment=prod)` | search destination="topic://VirtualTopic.canonical.user*" | timechart count by op
