We currently have the permissions for the user used in deployment managed through code in this repository.

This means:

- A manual step is required to run this script as an administrator.
- There is a race condition on merging pull requests. When a pull request is merged with a change to these permissions, a deploy is started which will fail. An administrator then needs to update permissions for that user, and then the build needs to be restarted.

From a security perspective, this also means:

- Permission changes are included in large pull requests, which means they may not receive the added scrutiny that changes to permissions should likely undergo.

A fix for this would be to track this user and its permissions in a separate location. We may want to rely on infrastructure which is court-wide to manage these permissions. This would:

- Require this dependency to be specifically stated ("this pull request depends on permissions introduced in X").
- Separate these changes from larger application changes, giving them the added scrutiny as mentioned above.
- Allow them to be run automatically, if desired.

The downside to this approach would be that EF-CMS would need to reference another place to determine how to set up its deployment steps. I think this downside is worth the benefits above.