As a developer of notify, I would like to be confident that only sanctioned system changes are being done on our systems so that we can deliver a high-integrity solution to users.
WHY are we building?
We have identified that some of the administration tools we use (Hasura) are not auditing CRUD operations that are run manually by notify devs. This creates the possibility for malicious actors to do damage without our knowledge.
WHAT are we building?
Create an ADR that outlines what tools we use that should be audited, and provide a strategy for how to ensure that they are audited on a regular basis (maybe part of OL duties).
VALUE created by our solution
Close to the business, what's the value?
Acceptance Criteria
Given some context, when (X) action occurs, then (Y) outcome is achieved.
[ ] Generate appropriate log messages so that executions of this feature can be tracked
[ ] Can misuse of this feature cause harm? If yes, create an alert
[ ] Update the status of related findings, insights, and hypotheses on the Research Airtable
[ ] Once change/fix/feature is implemented, link relevant Airtable records to design artifacts (Figma)
Privacy considerations
Security controls in place
Measuring success and metrics
QA Steps