Open amplifi opened 7 years ago
Thanks @amplifi
Secondary (for discussion): Deactivating a user should strip that account of its current permissions across all orgs/projects.
But it is not possible to access those orgs/projects using this account while it is deactivated, right? If we strip permissions across orgs/projects, wouldn't we need to resume them when the account is reactivated?
Not sure what the best solution is, though...
@dpalomino Yes, if we strip user permissions when an account is deactivated, the account would then need to be re-added to its org/projects. Ironically, under tutelary this could be automated because it retains a full permissions history for each user, so the 'Re-activate' button could easily reapply the user's last known permission set. A similar audit history could (and should) be maintained under our replacement permissions implementation, which would allow us to restore permissions.
Steps to reproduce the error
Deactivated users can be added to organizations and projects.
Expected behavior
Deactivated users should require re-activation prior to being added to organizations and projects. This currently exacerbates a performance issue in demo, and is poor security practice.
Secondary (for discussion): Deactivating a user should strip that account of its current permissions across all orgs/projects.
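The behaviour discussed in this issue, as an added example that is not the project's own code: an in-memory model in which granting a role to a deactivated account is refused, deactivation strips roles after recording them, and re-activation reapplies the last recorded set. All names (`Account`, `grant`, `deactivate`, `reactivate`, the scope strings) are hypothetical.

```python
from dataclasses import dataclass, field


class InactiveAccountError(Exception):
    """Raised when a role is granted to a deactivated account."""


@dataclass
class Account:
    username: str
    is_active: bool = True
    roles: dict = field(default_factory=dict)  # scope -> role
    audit: list = field(default_factory=list)  # append-only (event, roles snapshot)


def grant(account, scope, role):
    # Expected behavior from the issue: require re-activation before adding.
    if not account.is_active:
        raise InactiveAccountError(f"{account.username} must be re-activated first")
    account.roles[scope] = role
    account.audit.append((f"grant {scope}={role}", dict(account.roles)))


def deactivate(account):
    # Record the permission set before stripping it, so it can be restored.
    account.audit.append(("deactivate", dict(account.roles)))
    account.roles.clear()
    account.is_active = False


def reactivate(account):
    account.is_active = True
    # Reapply the permission set recorded at the most recent deactivation.
    for event, snapshot in reversed(account.audit):
        if event == "deactivate":
            account.roles = dict(snapshot)
            break
    account.audit.append(("reactivate", dict(account.roles)))


def demo():
    user = Account("constructed_user")  # constructed sample data
    grant(user, "org:demo", "admin")
    deactivate(user)
    stripped = dict(user.roles)  # what the account holds while deactivated
    try:
        grant(user, "project:demo/x", "member")
    except InactiveAccountError:
        reactivate(user)
    return stripped, user.roles
```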