Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
  • S Schema
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 24
    • Issues 24
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 8
    • Merge requests 8
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Open Subsurface Data Universe SoftwareOpen Subsurface Data Universe Software
  • Platform
  • System
  • Schema
  • Issues
  • #62
Closed
Open
Issue created Aug 05, 2021 by Paresh Behede@pbehedeMaintainer

Restricting a regular user of schema service to create schema with osdu:wks

Since long there has been a pending item in Schema Service backlog to bring some governance/policing on schema creation/update for certain special authority and source.

For example restricting a regular user of schema service (admin, editor or user) should not be able to create schema with authority:source as osdu:wks

Of course bootstrapping for these schemas are still valid. And with MSFT bringing in the new end point /system/schema for bootstrapping OOB schema, upgrades of system schema (OSDU) will also be possible using special privileges and this API.

Keeping these aspects in mind, I think it makes sense to restrict osdu:wks creation or update by regular user via APIs. It would avoid getting into a schema conflict issues for system schemas in various environments.

Following issue might appear/occur if we do not restrict user from creating osdu:wks

  1. Schema service bootstraps data definitions schema (osdu:wks) version 1.0.0 as they are approved
  2. These schemas are available across all partitions as system/shared schemas
  3. Now user intentionally or unintentionally creates osdu:wks:wellbore:2.0.0 schema his/her partition (private schema)
  4. Now if data definitions team comes up with new changes in osdu:wks:wellbore schema and bump up the schema version to osdu:wks:wellbore:2.0.0
  5. Now when schema service tries to bootstrap these latest schema version it would fail as one of the private partition already has this exact version available. (created in step 3)
Assignee
Assign to
Time tracking