Kuali Rice Development
  1. Kuali Rice Development
  2. KULRICE-7799

Create a separate permission for accessing the new super user tab

    Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1
    • Fix Version/s: 2.1.2
    • Component/s: Development
    • Security Level: Public (Public: Anyone can view)
    • Labels:
      None
    • Similar issues:
      KULRICE-7938Data for Creating a separate permission for accessing the new super user tab
      KULRICE-8300problems with implementation of super user tab
      KULRICE-8252Permission check for super user tab seems to be using the wrong namespace
      KULRICE-13015Create necessary tests for Super User tab
      KULRICE-14165Super User Validations on Documents
      KULRICE-13077Investigate Implementing Super User Screen
      KULRICE-13093Super user action should not check next action after Take Selected Actions button is selected
      KULRICE-3396can't create new Permission as user 'admin', results in Incident Report
      KULRICE-6896Create Simpler SuperUser Tab for Documents
      KULRICE-8859Tabs - Create Accessible Tab Structure
    • Rice Module:
      KEW, KIM
    • Application Requirement:
      KFS
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required

      Description

      After further discussion it's become clear that the expectation was that the new super user tab available on documents would be governed by a separate permission. This would allow us to assign this limited permission to functional users who we might specifically want to lock out of the more robust super user screen. I failed to include this requirement in the original specifications for this enhancement so today the tab has the same permissions as the regular super user screen.

      Thinking the permission template can be KR-NS Administer Routing for Document (same as the KR-WKFLW version) and should include document type, route node and action type (approve action request, approve document, disapprove document, or *).

      1. B1_KR_LOAD_ALL_RuleTmpls.xml
        0.6 kB
        Shannon Hess
      2. C2_KR_LOAD_ALL_Normal_grps.xml
        0.5 kB
        Shannon Hess
      3. countryaxct.xml
        2 kB
        Shannon Hess
      4. G1_KR_LOAD_ALL_NORMAL_Rules.xml
        2 kB
        Shannon Hess

        Issue Links

          Activity

          Hide
          Ailish Byrne added a comment -

          IU jira proposing contribution: https://uisapp2.iu.edu/jira-prd/browse/EN-2868. wanted to get this trackable for our implementation.

          Show
          Ailish Byrne added a comment - IU jira proposing contribution: https://uisapp2.iu.edu/jira-prd/browse/EN-2868 . wanted to get this trackable for our implementation.
          Hide
          Matt Sargent added a comment - - edited

          Talked with the KFS folks about this to clarify the need for a separate/new permission and the following is the result of those discussions.

          The need for a new permission template is based on the fact that the original spirit of this request was aimed at providing a new tool to a separate set of super users from what we have normally considered in the past; those two being the more technical superuser and a separate basic functional one. The super user document search provides a multitude of impacting options including the option to bypass post processor logic, cancel documents, and approve entire route nodes. Because of this, its implementation has resulted in documents being messed up.

          While not implemented a such in 2.1, the new tab was expected to provide a more functional and streamlined tool for super users while at the same time giving applications further options for limiting what actions a super user could take.

          Proposals of implementing document type policies would have the undesirable impact of disabling some super user functions from all types of super users. Additional adding new options to the existing super user permission template would also negatively affect all super users instead of the two separate groups of super users that are being considered.

          Knowing all this, the original request to create a new permission template that governs the superuser tab on its own seems to be the only solution. To meet the applications need for enhanced control, the template should include permission detail options for document type, route node, and action type.

          Show
          Matt Sargent added a comment - - edited Talked with the KFS folks about this to clarify the need for a separate/new permission and the following is the result of those discussions. The need for a new permission template is based on the fact that the original spirit of this request was aimed at providing a new tool to a separate set of super users from what we have normally considered in the past; those two being the more technical superuser and a separate basic functional one. The super user document search provides a multitude of impacting options including the option to bypass post processor logic, cancel documents, and approve entire route nodes. Because of this, its implementation has resulted in documents being messed up. While not implemented a such in 2.1, the new tab was expected to provide a more functional and streamlined tool for super users while at the same time giving applications further options for limiting what actions a super user could take. Proposals of implementing document type policies would have the undesirable impact of disabling some super user functions from all types of super users. Additional adding new options to the existing super user permission template would also negatively affect all super users instead of the two separate groups of super users that are being considered. Knowing all this, the original request to create a new permission template that governs the superuser tab on its own seems to be the only solution. To meet the applications need for enhanced control, the template should include permission detail options for document type, route node, and action type.
          Hide
          Eric Westfall added a comment -

          Setting the fix version on this to 2.1.3 and assigning to Shannon.

          Show
          Eric Westfall added a comment - Setting the fix version on this to 2.1.3 and assigning to Shannon.
          Hide
          Shannon Hess added a comment - - edited

          To test, locally ingest the attached files and run the SQL below (Can be changed to test different permissions)

          FOUND IN /rice/scripts/upgrades/2.1 to 2.2/db-updates/2012-08-21.sql

          INSERT INTO KRIM_TYP_T(KIM_TYP_ID, OBJ_ID, VER_NBR, NM, SRVC_NM, ACTV_IND, NMSPC_CD)
            VALUES('100', '9d1189174c6d497e87f3529f9a4eeff8', 1, 'Document Type, Routing Node and Action Event', 'documentTypeAndNodeAndActionEventService', 'Y', 'KR-SYS')
          /
          
          INSERT INTO KRIM_PERM_TMPL_T (ACTV_IND,KIM_TYP_ID,NM,NMSPC_CD,OBJ_ID,PERM_TMPL_ID,VER_NBR)
            VALUES ('Y','100','Administer Routing for Document','KR-NS','c7b97a18581c8a51e040ea0a491a4272','100',1)
          /
          

          Other testing data:

          INSERT INTO KRIM_PERM_T(PERM_ID, OBJ_ID, VER_NBR, PERM_TMPL_ID, NMSPC_CD, NM, DESC_TXT, ACTV_IND)
            VALUES(KRIM_PERM_ID_S.NEXTVAL, SYS_GUID(), 1, '100', 'KR-NS', 'Administer Routing for Document', 'Allows users to open RICE documents via the Super search option in Document Search and take Administrative workflow actions on them (such as approving the document, approving individual requests, or sending the document to a specified route node).', 'Y')
          /
          
          insert into krim_perm_attr_data_t
          (attr_data_id, perm_id, kim_typ_id, kim_attr_defn_id, attr_val, ver_nbr, obj_id)
          values (krim_attr_data_id_s.NEXTVAL,
                  (Select PERM_ID from KRIM_PERM_T where NMSPC_CD = 'KR-NS' and  NM = 'Administer Routing for Document'),
                  (select kim_typ_id from krim_typ_t where nm = 'Document Type, Routing Node and Action Event' and nmspc_cd = 'KR-SYS'),
                  (select kim_attr_defn_id from krim_attr_defn_t where nm = 'documentTypeName'),
                  'CountryMaintenanceDocument',1,SYS_GUID())
          /
          
          insert into krim_perm_attr_data_t
          (attr_data_id, perm_id, kim_typ_id, kim_attr_defn_id, attr_val, ver_nbr, obj_id)
          values (krim_attr_data_id_s.NEXTVAL,
                  (Select PERM_ID from KRIM_PERM_T where NMSPC_CD = 'KR-NS' and  NM = 'Administer Routing for Document'),
                  (select kim_typ_id from krim_typ_t where nm = 'Document Type, Routing Node and Action Event' and nmspc_cd = 'KR-SYS'),
                  (select kim_attr_defn_id from krim_attr_defn_t where nm = 'routeNodeName'),
                  'TEST.Trip.MotorPool',1,sys_guid())
          /
          
          insert into krim_perm_attr_data_t
          (attr_data_id, perm_id, kim_typ_id, kim_attr_defn_id, attr_val, ver_nbr, obj_id)
          values (krim_attr_data_id_s.NEXTVAL,
                  (Select PERM_ID from KRIM_PERM_T where NMSPC_CD = 'KR-NS' and  NM = 'Administer Routing for Document'),
                  (select kim_typ_id from krim_typ_t where nm = 'Document Type, Routing Node and Action Event' and nmspc_cd = 'KR-SYS'),
                  (select kim_attr_defn_id from krim_attr_defn_t where nm = 'actionEvent'),
                  'approve',1,sys_guid())
          /
          
          Show
          Shannon Hess added a comment - - edited To test, locally ingest the attached files and run the SQL below (Can be changed to test different permissions) FOUND IN /rice/scripts/upgrades/2.1 to 2.2/db-updates/2012-08-21.sql INSERT INTO KRIM_TYP_T(KIM_TYP_ID, OBJ_ID, VER_NBR, NM, SRVC_NM, ACTV_IND, NMSPC_CD) VALUES('100', '9d1189174c6d497e87f3529f9a4eeff8', 1, 'Document Type, Routing Node and Action Event', 'documentTypeAndNodeAndActionEventService', 'Y', 'KR-SYS') / INSERT INTO KRIM_PERM_TMPL_T (ACTV_IND,KIM_TYP_ID,NM,NMSPC_CD,OBJ_ID,PERM_TMPL_ID,VER_NBR) VALUES ('Y','100','Administer Routing for Document','KR-NS','c7b97a18581c8a51e040ea0a491a4272','100',1) / Other testing data: INSERT INTO KRIM_PERM_T(PERM_ID, OBJ_ID, VER_NBR, PERM_TMPL_ID, NMSPC_CD, NM, DESC_TXT, ACTV_IND) VALUES(KRIM_PERM_ID_S.NEXTVAL, SYS_GUID(), 1, '100', 'KR-NS', 'Administer Routing for Document', 'Allows users to open RICE documents via the Super search option in Document Search and take Administrative workflow actions on them (such as approving the document, approving individual requests, or sending the document to a specified route node).', 'Y') / insert into krim_perm_attr_data_t (attr_data_id, perm_id, kim_typ_id, kim_attr_defn_id, attr_val, ver_nbr, obj_id) values (krim_attr_data_id_s.NEXTVAL, (Select PERM_ID from KRIM_PERM_T where NMSPC_CD = 'KR-NS' and NM = 'Administer Routing for Document'), (select kim_typ_id from krim_typ_t where nm = 'Document Type, Routing Node and Action Event' and nmspc_cd = 'KR-SYS'), (select kim_attr_defn_id from krim_attr_defn_t where nm = 'documentTypeName'), 'CountryMaintenanceDocument',1,SYS_GUID()) / insert into krim_perm_attr_data_t (attr_data_id, perm_id, kim_typ_id, kim_attr_defn_id, attr_val, ver_nbr, obj_id) values (krim_attr_data_id_s.NEXTVAL, (Select PERM_ID from KRIM_PERM_T where NMSPC_CD = 'KR-NS' and NM = 'Administer Routing for Document'), (select kim_typ_id from krim_typ_t where nm = 'Document Type, Routing Node and Action Event' and nmspc_cd = 'KR-SYS'), (select kim_attr_defn_id from krim_attr_defn_t where nm = 'routeNodeName'), 'TEST.Trip.MotorPool',1,sys_guid()) / insert into krim_perm_attr_data_t (attr_data_id, perm_id, kim_typ_id, kim_attr_defn_id, attr_val, ver_nbr, obj_id) values (krim_attr_data_id_s.NEXTVAL, (Select PERM_ID from KRIM_PERM_T where NMSPC_CD = 'KR-NS' and NM = 'Administer Routing for Document'), (select kim_typ_id from krim_typ_t where nm = 'Document Type, Routing Node and Action Event' and nmspc_cd = 'KR-SYS'), (select kim_attr_defn_id from krim_attr_defn_t where nm = 'actionEvent'), 'approve',1,sys_guid()) /
          Hide
          Shannon Hess added a comment -

          Attaching files to be used locally for testing

          Show
          Shannon Hess added a comment - Attaching files to be used locally for testing
          Hide
          Shannon Hess added a comment -

          Currently there is no way to approve the whole document, as this was not a part of the superuser tab on the doc. Does this need to be added? I'm going to ahead and close this issue, if there are other bugs not related to "Creating a separate permission for accessing the new super user tab" please create a new JIRA.

          Thanks!
          Shannon

          Show
          Shannon Hess added a comment - Currently there is no way to approve the whole document, as this was not a part of the superuser tab on the doc. Does this need to be added? I'm going to ahead and close this issue, if there are other bugs not related to "Creating a separate permission for accessing the new super user tab" please create a new JIRA. Thanks! Shannon
          Hide
          Shannon Hess added a comment -

          Reopening because I forgot to change the fix version

          Show
          Shannon Hess added a comment - Reopening because I forgot to change the fix version
          Hide
          Shannon Hess added a comment -

          Need to update the SQL in /rice/scripts/upgrades/2.1 to 2.2/db-updates/2012-08-21.sql to the following:

          INSERT INTO KRIM_TYP_T(KIM_TYP_ID, OBJ_ID, VER_NBR, NM, SRVC_NM, ACTV_IND, NMSPC_CD)
            VALUES((SELECT (max(to_number(KIM_TYP_ATTR_ID)) + 1) from KRIM_TYP_ATTR_T where KIM_TYP_ATTR_ID is not NULL and regexp_like(KIM_TYP_ATTR_ID, '^[1-9][0-9]{0,3}$')), 
                     sys_guid(), 1, 'Document Type, Routing Node and Action Event', 'documentTypeAndNodeAndActionEventService', 'Y', 'KR-SYS')
          /
          
          INSERT INTO KRIM_PERM_TMPL_T (ACTV_IND,KIM_TYP_ID,NM,NMSPC_CD,OBJ_ID,PERM_TMPL_ID,VER_NBR)
            VALUES ('Y',
            (SELECT KIM_TYP_ID FROM KRIM_TYP_T where NM = 'Document Type, Routing Node and Action Event' and SRVC_NM = 'documentTypeAndNodeAndActionEventService'), 'Administer Routing for Document', 'KR-NS', sys_guid(), 
            (SELECT (max(to_number(perm_tmpl_id)) + 1) from krim_perm_tmpl_t where perm_tmpl_id is not NULL and regexp_like(perm_tmpl_id, '^[1-9][0-9]{0,3}$')), 1)
          /
          

          Need to update the SQL in /rice/scripts/upgrades/2.1 to 2.2/db-updates/mysql-2012-08-21.sql to the following:

          
          INSERT INTO KRIM_TYP_T(KIM_TYP_ID, OBJ_ID, VER_NBR, NM, SRVC_NM, ACTV_IND, NMSPC_CD)
            VALUES((select KIM_TYP_ID from (select (max(cast(KIM_TYP_ID as decimal)) + 1) as KIM_TYP_ID from KRIM_TYP_T where cast(KIM_TYP_ID as decimal) < 10000) as tmptable), 
                     uuid(), 1, 'Document Type, Routing Node and Action Event', 'documentTypeAndNodeAndActionEventService', 'Y', 'KR-SYS')
          /
          
          INSERT INTO KRIM_PERM_TMPL_T (ACTV_IND,KIM_TYP_ID,NM,NMSPC_CD,OBJ_ID,PERM_TMPL_ID,VER_NBR)
            VALUES ('Y',
            (SELECT KIM_TYP_ID FROM KRIM_TYP_T where NM = 'Document Type, Routing Node and Action Event' and SRVC_NM = 'documentTypeAndNodeAndActionEventService'), 'Administer Routing for Document', 'KR-NS', uuid(), 
            (select perm_tmpl_id from (select (max(cast(perm_tmpl_id as decimal)) + 1) as perm_tmpl_id from krim_perm_tmpl_t where perm_tmpl_id is not NULL and perm_tmpl_id rlike '^[1-9][0-9]{0,3}$' ) as tmptable), 1)
          /
          
          Show
          Shannon Hess added a comment - Need to update the SQL in /rice/scripts/upgrades/2.1 to 2.2/db-updates/2012-08-21.sql to the following: INSERT INTO KRIM_TYP_T(KIM_TYP_ID, OBJ_ID, VER_NBR, NM, SRVC_NM, ACTV_IND, NMSPC_CD) VALUES((SELECT (max(to_number(KIM_TYP_ATTR_ID)) + 1) from KRIM_TYP_ATTR_T where KIM_TYP_ATTR_ID is not NULL and regexp_like(KIM_TYP_ATTR_ID, '^[1-9][0-9]{0,3}$')), sys_guid(), 1, 'Document Type, Routing Node and Action Event', 'documentTypeAndNodeAndActionEventService', 'Y', 'KR-SYS') / INSERT INTO KRIM_PERM_TMPL_T (ACTV_IND,KIM_TYP_ID,NM,NMSPC_CD,OBJ_ID,PERM_TMPL_ID,VER_NBR) VALUES ('Y', (SELECT KIM_TYP_ID FROM KRIM_TYP_T where NM = 'Document Type, Routing Node and Action Event' and SRVC_NM = 'documentTypeAndNodeAndActionEventService'), 'Administer Routing for Document', 'KR-NS', sys_guid(), (SELECT (max(to_number(perm_tmpl_id)) + 1) from krim_perm_tmpl_t where perm_tmpl_id is not NULL and regexp_like(perm_tmpl_id, '^[1-9][0-9]{0,3}$')), 1) / Need to update the SQL in /rice/scripts/upgrades/2.1 to 2.2/db-updates/mysql-2012-08-21.sql to the following: INSERT INTO KRIM_TYP_T(KIM_TYP_ID, OBJ_ID, VER_NBR, NM, SRVC_NM, ACTV_IND, NMSPC_CD) VALUES((select KIM_TYP_ID from (select (max( cast (KIM_TYP_ID as decimal)) + 1) as KIM_TYP_ID from KRIM_TYP_T where cast (KIM_TYP_ID as decimal) < 10000) as tmptable), uuid(), 1, 'Document Type, Routing Node and Action Event', 'documentTypeAndNodeAndActionEventService', 'Y', 'KR-SYS') / INSERT INTO KRIM_PERM_TMPL_T (ACTV_IND,KIM_TYP_ID,NM,NMSPC_CD,OBJ_ID,PERM_TMPL_ID,VER_NBR) VALUES ('Y', (SELECT KIM_TYP_ID FROM KRIM_TYP_T where NM = 'Document Type, Routing Node and Action Event' and SRVC_NM = 'documentTypeAndNodeAndActionEventService'), 'Administer Routing for Document', 'KR-NS', uuid(), (select perm_tmpl_id from (select (max( cast (perm_tmpl_id as decimal)) + 1) as perm_tmpl_id from krim_perm_tmpl_t where perm_tmpl_id is not NULL and perm_tmpl_id rlike '^[1-9][0-9]{0,3}$' ) as tmptable), 1) /

            People

            • Assignee:
              Shannon Hess
              Reporter:
              Damon Dorsey
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Structure Helper Panel