Restricting a regular user of schema service to create schema with osdu:wks

Since long there has been a pending item in Schema Service backlog to bring some governance/policing on schema creation/update for certain special authority and source.

For example restricting a regular user of schema service (admin, editor or user) should not be able to create schema with authority:source as osdu:wks

Of course bootstrapping for these schemas are still valid. And with MSFT bringing in the new end point /system/schema for bootstrapping OOB schema, upgrades of system schema (OSDU) will also be possible using special privileges and this API.

Keeping these aspects in mind, I think it makes sense to restrict osdu:wks creation or update by regular user via APIs. It would avoid getting into a schema conflict issues for system schemas in various environments.

Following issue might appear/occur if we do not restrict user from creating osdu:wks

1. Schema service bootstraps data definitions schema (osdu:wks) version 1.0.0 as they are approved
2. These schemas are available across all partitions as system/shared schemas
3. Now user intentionally or unintentionally creates osdu:wks:wellbore:2.0.0 schema his/her partition (private schema)
4. Now if data definitions team comes up with new changes in osdu:wks:wellbore schema and bump up the schema version to osdu:wks:wellbore:2.0.0
5. Now when schema service tries to bootstrap these latest schema version it would fail as one of the private partition already has this exact version available. (created in step 3)