Asynchron Technical User Management - Enhancement of Technical User Deletion

[jjeroch]

Summary

Enhance the asynchronous technical user management system to support secure and effective functionality for deleting technical users. This will ensure that access is revoked when no longer needed and maintain a clean state of the system.

User Stories

User Story 1: Technical User Deletion

As a system administrator,
I want to be able to delete technical users from the system asynchronously,
So that I can ensure that access is revoked when it is no longer needed and maintain a clean state of the system.

Acceptance Criteria:

1. The IT admin (and similar users with the same permissions) must be able to trigger the deletion process through a secure interface.
2. The system must validate the user's permissions before allowing the deletion.
3. The deletion process must be logged with a timestamp and the identity of the administrator.
4. All associated data with the technical user must be either archived or securely deleted as per the data retention policy.
5. The system must confirm the deletion to the administrator once completed.

Tasks

• Design a secure workflow for administrators to request the deletion of technical users.
• Implement permission checks and authorization for deletion requests.
• Develop functionality to archive or delete data associated with the technical user.
• Create a logging mechanism for the deletion process.
• Test the deletion process end-to-end.
• Update the administrator documentation with the new deletion process.

---

Test Cases

Test Case for User Story 1: Technical User Deletion

Test Case 1a: IT Admin Initiates Deletion (synchron tech user - test case already existing)

Objective: Verify that IT admins can initiate the deletion of a technical user through a secure interface.

Steps:

1. Log in as an IT admin.
2. Navigate to the technical user management section.
3. Select a technical user to delete.
4. Initiate the deletion process through the provided interface.

Expected Result:

• The IT admin should be able to access the deletion interface and initiate the deletion process.

Test Case for User Story 1: Technical User Deletion

Test Case 1b: IT Admin Initiates Deletion (asynchron tech user - similar like 1a but with no direct deletion feedback)

Objective: Verify that IT admins can initiate the deletion of a technical user through a secure interface.

Steps:

1. Log in as an IT admin.
2. Navigate to the technical user management section.
3. Select a technical user to delete.
4. Initiate the deletion process through the provided interface.

Expected Result:

• The IT admin should be able to access the deletion interface and initiate the deletion process.

Test Case 2: Permission Validation

Objective: Ensure that the system validates the user's permissions before allowing technical user deletion.

Steps:

1. Log in as a user without IT admin permissions.
2. Attempt to initiate the deletion of a technical user.

Expected Result:

• The system should not allow the user to initiate the deletion process and should display an appropriate error message.

Test Case 3: Deletion Logging

Objective: Confirm that the deletion process is logged with a timestamp and the identity of the administrator.

Steps:

1. Log in as an IT admin.
2. Delete a technical user.
3. Check the logs for the deletion record.

Expected Result:

• The logs should contain an entry for the deletion with a timestamp and the identity of the admin.

Test Case 4: Data Archiving or Deletion

Objective: Verify that all data associated with the technical user is either archived or securely deleted.

Steps:

1. Log in as an IT admin.
2. Delete a technical user who has associated data.
3. Verify whether the data is archived or deleted as per the data retention policy.

Expected Result:

• The associated data should be either archived or securely deleted, with no residual data left in the system.

Test Case 5: Deletion Confirmation (only for the asynchron case needed; in the synchron case the user gets in 1a direct feedback)

Objective: Check that the system confirms the deletion to the administrator once completed.
Pre-Step: Test Case 1b

Steps:

1. Log in as an IT admin.
2. Open the technical user management page
3. Validate successful deletion of the respective tech user

Expected Result:

• The system should confirm the successful deletion to the admin.

---

Linked Tickets:

Frontend

• sig#803: Add Technical User "Status" inside the technical user management page portal-frontend#944
• sig#803: user feedback deletion asynchron technical user portal-frontend#950
• sig#803: Remove the Filter Inactive from technicalUserManagement portal-frontend#983
• sig#803: enhance frontend technical user by a new status "pending deletion" portal-frontend#988

Backend

• sig#803 Enable deletion of pending technical accounts portal-backend#949
• sig#803 - Implement Housekeeping job to delete technical user  portal-backend#953
• sig#803: API Enhancement - Deletion of External Technical Users portal-backend#809
• sig#803 - deletion of asynchronous technical user does not change status to PENDING_DELETION portal-backend#950

to be checked - likely one of the backend endpoints need some additional enhancements as well, for the FE response message handling

[jjeroch]

Decision: pushed the feature from 24.08. to 24.12 to ensure stability.
The US implementation are ongoing; not yet in a state to provide them for 24.08. release.

Milestone will be updated to 24.12. in open planning

[evegufy]

Committers:
@evegufy
@Phil91
@ntruchsess
@oyo

[MaximilianHauer]

topic enhanced by the following stories:

• sig#803 - Deletion of technical user during connector deletion  portal-backend#967
• sig#803 Display all status in the "Managed" "Owned" filter  portal-frontend#1068
• sig#803 - Enable deletion of a connectior without deleting the tec user portal-backend#966
• sig#803 - Adjust Delete connector with technical User Popup  portal-frontend#1065
• sig#803 Connector Management - Technical User selection resetting after input fields are updated portal-frontend#1064