ADR - Entitlements - Additional attributes in list groups on behalf of API
ADR - Entitlements - Expose ROLE in list all groups API
Status
-
Proposed -
Trialing -
Under review -
Approved -
Retired
Context & Scope
The /members/<member_email>/groups
API allows to query entitlement group memberships for a specific user.
"groups": [
{
"name": "service.search.user",
"description": "Datalake Search users",
"email": "service.search.user@opendes.contoso.com"
},
{
"name": "users.datalake.ops",
"description": "Datalake ops",
"email": "users.datalake.ops@opendes.contoso.com"
}
Decision
Expand response with the attribute ROLE
for each group. Example:
"groups": [
{
"name": "service.search.user",
"description": "Datalake Search users",
"email": "service.search.user@opendes.contoso.com",
"role": "OWNER"
},
{
"name": "users.datalake.ops",
"description": "Datalake ops",
"email": "users.datalake.ops@opendes.contoso.com",
"role": "MEMBER"
}
Rationale
Increase governance capabilities. Improve OSDU Admin UI which now uses statically configured "MEMBER" as role for each group, even though that is not the true role:
private getUserGroups(type: string = 'none') {
this.restService
.getUsersAccessRights(this.user.id, type)
.subscribe((groups: OsduGroup[]) => {
console.log('Got ', groups.length, ' groups');
this.groups = groups.map((g) => ({
email: g.email,
role: 'MEMBER',
}));
this.filterGroups(this.searchControl.value);
console.log(this.filteredGroups);
});
console.log(this.filteredGroups);
}
Edited by Eirik Haughom