Restricting regular users of Schema Service from creating schemas with osdu:wks
There has long been a pending item in the Schema Service backlog to bring some governance/policing to schema creation/update for certain special authorities and sources.
For example, a regular user of the schema service (admin, editor or user) should not be able to create a schema with authority:source set to osdu:wks.
Of course, bootstrapping of these schemas is still valid. And with MSFT bringing in the new endpoint /system/schema for bootstrapping OOB schemas, upgrades of system schemas (OSDU) will also be possible using special privileges and this API.
Keeping these aspects in mind, I think it makes sense to restrict osdu:wks creation or update by regular users via APIs. It would avoid getting into schema conflict issues for system schemas in various environments.
The following issue might occur if we do not restrict users from creating osdu:wks schemas:
1. Schema service bootstraps the data definitions schemas (osdu:wks) at version 1.0.0 as they are approved.
2. These schemas are available across all partitions as system/shared schemas.
3. Now a user intentionally or unintentionally creates the osdu:wks:wellbore:2.0.0 schema in his/her partition (private schema).
4. Now the data definitions team comes up with new changes in the osdu:wks:wellbore schema and bumps the schema version to osdu:wks:wellbore:2.0.0.
5. Now when schema service tries to bootstrap this latest schema version, it fails because one of the private partitions already has this exact version available (created in step 3).
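
The sequence above, replayed with and without the proposed restriction, as an added example that is not the Schema Service's own code. `Registry`, `run_scenario` and the partition name `partition-a` are hypothetical, and the case-insensitive comparison of authority and source is an assumption.

```python
# Added illustration: an in-memory model, not the Schema Service's own code.
RESERVED = {("osdu", "wks")}  # authority:source pairs kept for system schemas

class SchemaConflict(Exception):
    """Raised when a schema id already exists in another scope."""

def authority_source(schema_id):
    """Split 'authority:source:entity:version' and return the first two parts."""
    parts = schema_id.split(":")
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"malformed schema id: {schema_id!r}")
    # Assumption: compare case-insensitively so 'OSDU:WKS' cannot slip past.
    return parts[0].lower(), parts[1].lower()

class Registry:
    def __init__(self, enforce_reserved):
        self.enforce_reserved = enforce_reserved
        self.system = set()   # shared schemas, visible in every partition
        self.private = {}     # partition id -> set of private schema ids

    def create_private(self, partition, schema_id):
        """Regular-user path (admin, editor or user role)."""
        if self.enforce_reserved and authority_source(schema_id) in RESERVED:
            raise PermissionError(f"{schema_id} is reserved for system bootstrap")
        if schema_id in self.system:
            raise SchemaConflict(f"{schema_id} already exists as a system schema")
        self.private.setdefault(partition, set()).add(schema_id)

    def bootstrap_system(self, schema_id):
        """Privileged path; fails if any partition already holds the same id."""
        holders = [p for p, ids in self.private.items() if schema_id in ids]
        if holders:
            raise SchemaConflict(f"{schema_id} already exists in {holders}")
        self.system.add(schema_id)

def run_scenario(enforce_reserved):
    """Replay steps 1-5; return (user create outcome, bootstrap outcome)."""
    reg = Registry(enforce_reserved)
    reg.bootstrap_system("osdu:wks:wellbore:1.0.0")
    try:
        reg.create_private("partition-a", "osdu:wks:wellbore:2.0.0")
        user = "created"
    except PermissionError:
        user = "rejected"
    try:
        reg.bootstrap_system("osdu:wks:wellbore:2.0.0")
        boot = "ok"
    except SchemaConflict:
        boot = "conflict"
    return user, boot
```

Without the restriction the replay ends in a bootstrap conflict; with it, the private create is rejected and the 2.0.0 bootstrap goes through.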