search

zalando-stups / kio

The application registry in the STUPS ecosystem
http://docs.stups.io/en/latest/components/kio.html
Other
23 stars 11 forks source link

Support audit criticality levels for application #12

Closed harti2006 closed 9 years ago

harti2006 commented 9 years ago

Each application should have an audit criticality level 1, 2 or 3. 1: Not audit relevant 2: Audit relevant 3: PCI

The criticality level defines the number of required approvers (Level 1 -> 1 Approver, Level 2 and 3 -> 2 approvers)

The default value for each new application is 2. Only a few people should be able to change this.

hjacobs commented 9 years ago

We should not hardcode such criticality levels in Kio, is there a better solution?

harti2006 commented 9 years ago

this is just an interim solution, until we can map criticality to OAuth scopes. It is needed for Tech Controlling to filter relevant apps.