USDAForestService / fs-open-forest-platform

Open Forest: The code for an online permitting platform for the U.S. Forest Service.
https://openforest.fs.usda.gov

As an admin I'd like to test easy admin access to appropriate roles/privileges in Open Forest so that future business can be performed efficiently. #1182

Open ASprinkle opened 4 years ago

ASprinkle commented 4 years ago

Notes

Connected to program board https://code.fs.usda.gov/forest-service/Open-Forest-Program/issues/190#issue-20798

Previous design/dev work regarding admin user management was completed:

#689 with a clickable prototype in preparation for testing prior to learning of EEMS integration plans https://xd.adobe.com/view/7fb194e3-f45f-4517-77e2-f8ded72ef8cf-0980/?fullscreen

Other related closed stories include #856 and #912

All recent admin management documentation is saved in the User Management pinyon folder: https://usfs.box.com/s/axc60zuazso8ec1xadrm7sbd5he092s9

Abdul and Sirisha are developing code on the eAuth side to be added to Open Forest in prep for integration.

Acceptance Criteria

Tasks

Definition of Done

abdul-fs commented 4 years ago

Update: We created a branch, Eauth_add_Roles, and thanks to Sirisha for adding the code header in the code. The header will tell us who logged into Open Forest as admin, with their role. There is still more work to be done on the developer side. We are currently testing this in the dev environment.

mwreiss commented 4 years ago

Thank you @abdul-fs and @sirishafs! When the time comes @JonathanLerner54 and I are ready to put a test user in a role within the EEMS management system. So far we are set in the EEMS CERT environment.

abdul-fs commented 4 years ago

Update: "usdaapproles" are empty and we are working with ICAM on getting values for this attribute.

ASprinkle commented 4 years ago

Update from Stand up: Waiting for eAuth, setting up meeting with EEMS to add roles. Matt and Jon are not able to see users portion in EEMS, and they are working to resolve that access/roles issue on our end.

ASprinkle commented 4 years ago

Update from stand up: Super User Roles added for Sirisha. Looking at code changes to get rid of whitelist, requires adding new attributes to the ICAM, meeting with ICAM team tomorrow for adding forest information (a required piece).

ASprinkle commented 4 years ago

Update from stand up: Deploying changes in dev; once done we can test.

abdul-fs commented 4 years ago

Update: We made progress where, if the user is not assigned Super user in eAuth (EEMS), then the role would be user, otherwise an admin.

abdul-fs commented 4 years ago

Update: In order to get rid of the whitelist completely, we need to have the forest info added in EEMS.

ASprinkle commented 4 years ago

@abdul-fs ok. How do we make sure we get the forest info added in EEMS? Is there something that I should be doing, or someone else on the team should be doing?

abdul-fs commented 4 years ago

@ASprinkle @mwreiss Jon and team are working with EEMS. We sent them the dev whitelist at the last meeting.

ASprinkle commented 4 years ago

Update from Stand Up: Sirisha has base code in place. Outstanding piece is all the additional roles that need to be created (since it's all in a flat structure now). Matt et al. are talking to the ICAM team about adding additional attributes for roles. They have a copy of the white list so that they can copy the information over. Code on Dev reads roles from the eAuth header, and will decide if the user is Admin or not. Only dependency right now is that the user is on the white list. Tests are working. Once ICAM folks add info on the header, we can move off of the white list completely. Continuing to make progress. There may be approximately 300+ roles looking at all forests... have 20-30 for pilot forests now.

ASprinkle commented 4 years ago

From stand up: Waiting on EEMS to get back to us. EEMS going through some staffing transition right now - @smahmudFS is helping expedite coordination, haven't received any replies from Matt's requests for updates/info.

mwreiss commented 4 years ago

I'm seeing all forests show up after adding super user role. Phase I progress seems to be working as expected. Phase II is required to lock a user down to a specific forest POC1 or POC2 roles. Phase III to address adding the Regional specific role for a forest manager.

image

mwreiss commented 4 years ago

Phase II testing:

As a POC1 role I'm able to perform all admin functions.

As a POC2 role I'm able to change season dates; that should be removed. I should only be able to generate reports and view feedback.

image

briandavidson commented 4 years ago

Were there changes to the POC1 role? You're saying now that POC1 should only be able to generate reports and view feedback, but that is not consistent with the User Entity Diagram I received:



From: Matt Reiss notifications@github.com
Sent: Wednesday, April 8, 2020 10:33:27 AM
To: USDAForestService/fs-open-forest-platform
Cc: Brian Davidson; Assign
Subject: Re: [USDAForestService/fs-open-forest-platform] As an admin I'd like to test easy admin access to appropriate roles/privileges in Open Forest so that future business can be performed efficiently. (#1182)

Phase II testing:

As a POC1 role I'm able to perform all admin functions. I should only be able to generate reports and view feedback.

As a POC2 role I'm able to change season dates, that should be removed.

[image]https://user-images.githubusercontent.com/50459930/78795874-26f8cf80-797b-11ea-9881-ed3eafd34727.png


mwreiss commented 4 years ago

Brian, please look and see that the comment was updated.

carlsonem commented 4 years ago

@briandavidson can you please push your latest code on this issue to staging? There is a bug in dev, but we think it might be a result of not all of the connections being set up in the dev environment, so it might simply be resolved when deployed to staging.

carlsonem commented 4 years ago

Need to add the regional roles in place

briandavidson commented 4 years ago

> Need to add the regional roles in place

@carlsonem at one point we decided to break out regional roles into its own issue.

This issue is complete and covers getting us to parity with whitelist functionality, as well as the additional functionality for handling POC roles.

briandavidson commented 4 years ago

@abdul-fs @kilara77 @mwreiss @carlsonem @smahmudFS

The code for this issue has been merged into the dev branch and we can proceed with removal of the whitelist on your folks' end. 🎉

abdul-fs commented 4 years ago

@briandavidson Thanks, Brian. The whitelist has been removed from dev and staging. @mwreiss we need to test this with internal and regional admin to confirm the changes and proceed for production.

mwreiss commented 4 years ago

I'm set as FS_Open-Forest_R06 role. image

I see forests for Region 1, 2 and 6 image

image

mwreiss commented 4 years ago

I'm set as FS_Open-Forest_R01 role:

image

I see all forests. I expect to see just the Region 1 forest, Flathead. I'm able to change season dates for all forests and cutting area dates for ARP.

image
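An added illustration, not code from the Open Forest repository or from any commenter in this thread, of the scoping the test comments above expect: roles read from the `usdaapproles` header are mapped to per-forest permissions, and anything unrecognised grants nothing. Only the `FS_Open-Forest_R0x` role names and the Flathead/Region 1 pairing come from the thread; the `SuperUser` and `POC1_<forest>`/`POC2_<forest>` role strings, the comma delimiter, the regional role's permission set and the other catalog entries are assumptions.

```javascript
// Constructed forest catalog: only Flathead in Region 1 comes from the thread.
const FORESTS = [
  { id: 'flathead', region: 1 },
  { id: 'example-r2-forest', region: 2 },
  { id: 'example-r6-forest', region: 6 },
];
const ADMIN = ['change_season_dates', 'change_cutting_area_dates',
               'generate_reports', 'view_feedback'];
const READ_ONLY = ['generate_reports', 'view_feedback']; // POC2 per Phase II notes
const PREFIX = 'FS_Open-Forest_';

// Translate one role string into a grant, or null when it is not recognised.
function grantFor(role) {
  if (!role.startsWith(PREFIX)) return null;
  const rest = role.slice(PREFIX.length);
  let m;
  if (rest === 'SuperUser') {           // hypothetical role string
    return { permissions: ADMIN, forests: FORESTS.map(f => f.id) };
  }
  if ((m = /^R(\d{2})$/.exec(rest))) {  // regional role: only that region's forests
    const region = Number(m[1]);
    const forests = FORESTS.filter(f => f.region === region).map(f => f.id);
    return { permissions: ADMIN, forests }; // permission set is an assumption
  }
  if ((m = /^POC([12])_([a-z0-9-]+)$/.exec(rest))) { // hypothetical role string
    if (!FORESTS.some(f => f.id === m[2])) return null; // unknown forest: no grant
    return { permissions: m[1] === '1' ? ADMIN : READ_ONLY, forests: [m[2]] };
  }
  return null;
}

// Build a forest -> permission-set map from the raw header value.
// The default is an empty map: no role, or no known role, means no access.
function resolveAccess(headerValue) {
  const access = new Map();
  const roles = String(headerValue || '').split(',').map(s => s.trim()).filter(Boolean);
  for (const role of roles) {
    const grant = grantFor(role);
    if (!grant) continue; // unknown roles never widen access
    for (const forest of grant.forests) {
      const current = access.get(forest) || new Set();
      grant.permissions.forEach(p => current.add(p));
      access.set(forest, current);
    }
  }
  return access;
}

// Every admin action checks both the forest and the permission.
function can(access, forest, permission) {
  const perms = access.get(forest);
  return perms ? perms.has(permission) : false;
}
```
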

mwreiss commented 4 years ago

@abdul-fs @briandavidson Did the recent changes include the regional roles and removal of the whitelist, or just the removal of the whitelist? Thank you!

briandavidson commented 4 years ago

@mwreiss regional roles are outside the scope of this issue. You're looking for #1300.

Dmac26 commented 4 years ago

@briandavidson @abdul-fs Have we completed the testing portion of this card with two pilot forests?

abdul-fs commented 4 years ago

@Dmac26 @mwreiss POC1, POC2 and superuser work as expected. We are good to user management with internal forest users. Their access is granted through ICAM's identity management. Scheduled tests with users are tested already, but it is good to check with all internal users with admin rights.

Dmac26 commented 4 years ago

Hey @aaronburk - it sounds like we haven't done end-user testing on this card and will need to complete that to fully validate. Is that something I can set up? And if so, I'm thinking @Rebekah-Hernandez would be a good one to reach out to seeing as she has set up these testing sessions before. Thank you for any input!