Roles Roadmap

Environment:

  1. Apply Oracle patch  5648872. This should fix the intermittent problems with the PowerBuilder application. (Rob G.)
  2. Move roles db off of Solaris and onto Linux VMware
  3. Migrate DB from ASCII to Unicode (UTF-8)

Support of customer projects:

  1. (done, Summer 2010) SUBJ qualifier heirachy into roles test, followed by roles production. (In support of AMPS and Online Grade submission projects)
  2. (done, Summer 2010) Function category for AMPS course content
  3. (done, Summer 2010) Justification for access to course registration data for AMPS?
  4. Math department - implied authorization usage (waiting to hear back from Math department)
  5. online grade submission (in progress) (Jim Repa is working as the primary contact with the customer - the customer should have needed Functions in place already for "phase 1", but we should follow up in "phase 2" to incorporate implied authorization rules)
  6. Roles to SAP feed: handle people with too many profiles without breaking the entire feed
    1. (improve Roles to SAP feed program to avoid problem of people with too many profiles, and handle error situations without stopping  the whole data feed)
  7. Web app for batch file processing
    1. This was a request from George P.
    2. Paul suggests doing this as a grails application calling the Roles web service
  8. Put rule-driven EHS implied authorizations into production. (EHS implied authorizations used by the Warehouse currently use a pre-rule hard-coded SELECT statements.  The rules facility  has been tested for these EHS authorizations on the test Roles Database.  The rule-driven implied authorizations could be re-tested and moved to production in a few hours.  (The changes required in the rules processing in roles_extauth.pm have already been moved to production, but the rules themselves have not been moved into production.) The AMPS-related rules have already tested rule types 1a and 1b, but the EHS rules will provide a more complete validation.  (This is something Elena would like to see moved to production.)

General service improvements:

  1. Program for defragmenting a qualifier type (qualifier_id number  ranges) This program is written and has been tested on the test Roles DB. It will be useful when qualifiers of a given type run out of their number  range of qualifier_ids.
    1. Things to be added:
      1. Make sure we have good documentation - write a 1-2 page description.
      2. Allow a different option, to support  moving qualifier IDs to a different range (Done)
  2. Expand qualifier code character limit from 15 characters to 64?
    1. Are there stored procedures or feed programs that examine the length of the qualifier code?
      1. Identify the stored procedures that would need updating
    2. Are there applications receiving data that will break if they encounter a qualifier code longer than 15 characters?
      1. Should we try to take an inventory? Or should we create a new view that would filter out codes longer than 15 characters?
  3. Minor enhancements to nightly data feed program for implied Authorizations.  The nightly data feed program extauth.pm needs some minor enhancements to (A) support Function_groups in rule types 1a and 1b (which only support functions, not function_groups now) and (B) filtering out generated implied Authorizations when one Authorization is a subset of the other (e.g., in EHS, function "VIEW ROOM SET INFO" gives a superset of the privileges of "VIEW ROOM SET LIMITED") Part B will filter out some redundant Authorizations in the EHS system - this probably is not essential, but will make the generated implied authorizations less confusing to anyone looking at them.
  4. Add a UI or improve documentation for qualifier sub-types and Related configuration tables (There is no UI for defining qualifier "sub-types" and links to other object types.  Qualifier sub-types definitions are needed for some rule types. Consider either expanding the documentation to better explain this, or write a simple UI to maintain the additional configuration tables, or both.)
  5. Adding web service methods for Qualifier maintenance
    1. Check to see if existing stored procedures are sufficient to support web service "wrappers", or if some enhancements need to be done for server and end-user level authorization checking
  6. Qualifier maintenance
    1. Exploration of moving to real-time qualifier maintenance rather than batch feeds.  Could use existing stored procedures for new web services, but we might want to enhance the stored procedures to update links in primary_auth_descendent table
  7. Improved qualifier schemas - better support for qualifier sub-types (rather than pattern matching of qualifier_codes used in current rules support) and better integration with Master Department Hierarchy
  8. The existing four rule types support requirements for EHS and  Library, but could be made much more powerful if we allowed for  "composite" rules, i.e., rules that "and" together two or more rules of existing types (e.g., you get this implied authorization if two different rule conditions both fit)
  9. Bug fix: Roles Web UI: Allow searching on two character last names. (in progress, 9/2/2010)
  10. Bug fix: Roles Web UI: Problems with HR functions which have ampersands in them.   
  11. Build web-based UI for a few Roles administrators (in IS&T) to maintain server usernames to be added to Kerberos usernames in the Roles DB PERSON table.  Server usernames will be stored in new table EXTRA_USERNAME.  (Done 12/7/2010)
  12. Build a tool to send Email to all Primary Authorizers, possibly supporting different messages for different types of Primary Authorizers.  (Still gathering requirements as of 12/2010).

    Documentation:


  13.  Knowledge  transfer / documentation?
  14. The "ROLES / SAP R/3 PD Org Feed" report Should we improve the output of the report so that it is meaningful to more people?
  15. Do we need more documentation about rule maintenance in general?

    Misc:


  16. Release source to permit (in progress, 9/7/2010)
    1. Marilyn Smith and Steve Buckley have given the go ahead. Pat has provided Paul Hill with the links to the process that must be followed.
    2. Paul Heffernan has been assigned to this task.
  17. accommodate a "2nd qualifier" for some HR authorizations
    1. The use case needs to written up and a review of alternate ways to support the use case  should be examined.
  • No labels