This is a list of tasks and changes that need to be done before we can say that Storage supports system users.
Additional Information
This issue is based on the analysis performed in #471.
Use case: A system user (representing a user, i.e. sending a party-id) instantiates an instance and populates it with data, e.g. the MVA-report.
Tasks
Authorization
[x] Update to a version of the Altinn.Common.PEP package with support for SystemUser authorization (version later than v4.0.0)
[ ] Update all custom Authorization logic to include system user as AccessSubject in Authorization requests.
The assumption is that we're mostly using the PEP package and the DecisionHelper it contains, but there might be exceptions.
Metadata updates:
[ ] Search for places where the Instance.CreatedBy property is set. Update the logic to use the organization number of the system owner when the caller is a system.
[ ] Search for places where the Instance.LastChangedBy property is set. Update the logic to use the organization number of the system owner when the caller is a system.
[ ] Search for places where the DataElement.CreatedBy property is set. Update the logic to use the organization number of the system owner when the caller is a system.
[ ] Search for places where the DataElement.LastChangedBy property is set. Update the logic to use the organization number of the system owner when the caller is a system.
[ ] Expand the PlatformUser class with properties for: SystemUserId (guid), SystemUserOwner (string) and SystemUserName.
[ ] Search for all usage (assignments) of the PlatformUser class and populate the new properties when data is available.
[ ] Update the logic setting the ProcessHistoryItem.PerformedBy property to support an InstanceEvent created with a system user.
[ ] Update IdentityTelemetryFilter to handle system users
Authentication
Not decided yet (optional future improvement):
Acceptance criteria: