Dev Ops - RBAC Design, Config, Testing

[slathrop]

Background

• The recommended naming and breakdown for Roles is as follows
  • One role for global admin access to an entire App within a suite
    • Of the form: [SuiteKey]-[AppKey]-Admin
  • Roles for "Read", "Edit", and "Admin" of each Applet
    • Of the form: [SuiteKey]-[AppKey]-[AppletKey]-[Read|Edit|Admin]

Tasks

• Download the latest API manifest from Azure Portal and compare to the latest saved copy in version control
• Update the manifest file in version control to include all of the required roles
  • Note that the GUID assigned to each role is arbitrary, but must be a newly-created, valid GUID. There's an online generator here
• After completing the changes to the manifest file, upload it to Azure, overwriting the existing manifest in Azure
• Do some tests by assigning a user to some roles and verifying that those roles end up in the App website in the user dropdown menu

Next Steps

• Review front-end auth code in preparation for any follow-on tasks that apply the role config across the entire app
• Review middle-tier auth code in preparation for any follow-on tasks that apply the role config similarly to the back end