sig#789 - Enable internal technical User to get multiple roles assigned

[MaximilianHauer]

Description

Currently technical users can get only one role assigned. This is inefficient as we would need to create multiple users for one service if they need multiple roles.
this does not reflect a modern role management.

the core issue is the separation of internal and external user roles .
therefor we would need to adjust the backend to enable the technical user to possess 1:n internal technical roles
but it needs to be ensured that the user can not receive an internal and an external role.

Acceptance Criteria

• Enhance the logic to enable the technical user to have 1:N internal roles
• Ensure that a technical user can only have 1 external role
• Implement validation to prevent a technical user from being assigned both an internal and an external role
• Update the documentation to reflect the new role management capabilities for technical users

Test cases

1. Assign multiple internal roles to a technical user

Description:
Verify that a technical user can be assigned multiple internal roles.

Steps:

1. Create a technical user account.
2. Assign the user with multiple internal roles.
3. Verify that the user has been assigned all the internal roles.

Expected Result:
The technical user should be able to have multiple internal roles assigned.

2. Assign an internal and an external role to a technical user

Description:
Verify that a technical user cannot be assigned both an internal and an external role.

Steps:

1. Create a technical user account.
2. Assign the user with an internal role.
3. Attempt to assign the user with an external role.
4. Verify that the system prevents the assignment of the external role.

Expected Result:
The system should not allow the assignment of both an internal and an external role to a technical user.

3. Assign an external role to a technical user

Description:
Verify that a technical user can be assigned an external role.

Steps:

1. Create a technical user account.
2. Assign the user with an external role.
3. Verify that the user has been assigned the external role.

Expected Result:
The technical user should be able to have an external role assigned.

4. Validate role assignment for a technical user

Description:
Verify that the system validates the role assignment for a technical user and prevents the assignment of both an internal and an external role.

Steps:

1. Create a technical user account.
2. Attempt to assign the user with both an internal and an external role.
3. Verify that the system prevents the assignment of both roles.

Expected Result:
The system should validate the role assignment and prevent the assignment of both an internal and an external role to a technical user.

5. Verify updated documentation

Description:
Verify that the documentation has been updated to reflect the new role management capabilities for technical users.

Steps:

1. Review the updated documentation.
2. Ensure that the documentation clearly explains the new role management capabilities, including the ability to assign multiple internal roles, the restriction on assigning both an internal and an external role, and the validation process.

Expected Result:
The documentation should be updated to accurately reflect the new role management capabilities for technical users.

[MaximilianHauer]

topic solves the first acceptance criteria from

• Allow multiple roles / managed technical users per service  portal-iam#175

[Phil91]

@MaximilianHauer do you remember the endpoint that should be adjusted? I had a look at the code and it seems like that's already possible from backend side but would like to test it again. Currently the only endpoint available for the user is POST: api/administration/serviceaccount/owncompany/serviceaccounts or am I missing one?

[MaximilianHauer]

no this is the only endpoint we call if you try to create a single technical account and assign roles to it.
if its possible then we are fine ;) comment and close

[Phil91]

tested successfully