Personas
User: The persona logged into Synapse. Every user logged into Synapse must obtain certification from Synapse (the system) before being able to perform any actions such as uploading or downloading. Certification is mandatory for all Synapse users to ensure proper system utilization.
ACT: Sage Access & Compliance Team is a specialized group within the organization tasked with overseeing and ensuring adherence to access control policies and compliance regulations. The team plays a critical role in safeguarding sensitive data and maintaining the integrity of systems and processes.
...
The user certification process consists of two steps: first, the user must submit a quiz with a minimum passing score, and second, the user is added to the certified group. The certification signifies that the user understands the compliance standards. However, if ACT detects suspicious behavior from the user, their certification may be revoked, requiring them to go through the certification process again.
Why should ACT have the ability to access users' personal data and revoke certification?
...
After creating a Synapse profile and logging into the system, users are prompted to become certified. They must complete a quiz with a minimum required score to pass. Once the quiz is successfully passed, the user is added to the CERTIFIED_USERS group and maintains certification for future use.
The APIs involved in the process are listed below:
Service | Description | Request | Response |
---|---|---|---|
| Get the test to become a Certified User. | None | |
| Submit a response to the Certified User test. | | |
| Retrieve the Passing Record on the User Certification test for the given user. | None | |
APIs only accessible to admins
The APIs below are only for Synapse administrators and are not available to ACT. They can only be run from a particular Jenkins machine within the Sage VPN. These services are only used for testing purposes, to set up a user as a certified user without submitting the test. They should not be accessible to any other user or team, including ACT.
Service | Description |
---|---|
DELETE /admin/certifiedUserTestResponse/{id} | Deletes the test record. (We do not want ACT to delete the user's passed test record.) |
PUT /admin/user/{id}/certificationStatus | Changes the status of the user regardless of whether the user has passed the test or not. (We do not want ACT to use this service. If ACT uses this service to set the status to REVOKED, we lose the history that the user has passed the test, and ACT wants the user to submit the test again.) |
Key considerations
If the user is new and has not previously submitted a quiz, they should be able to submit the test.
If the user has submitted the test but has never achieved a passing score, they should still be able to submit the test.
ACT should be able to revoke a user's certification without deleting the history of the user's test results.
After ACT has revoked a user's certification, the user must pass the test again to become certified again.
If the user has previously passed the test, they should be able to submit a new test.
...
The new API will allow ACT to revoke the certification of a user. Specifically, it will update the user's latest passing record by setting the new boolean revoked=true and isCertified=false, and setting revokedOn to the current time (now).
...
Possible states of a passing record of the user
Passed | Revoked | isCertified |
---|---|---|
True | False | True |
False | False | False |
True | True | False |
...
We should backfill the existing data with revoked=false, revoked_on=None and isCertified=passed (i.e. true or false, matching the value of passed).
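The following Python is an added example, not Synapse's code, that models the passing-record lifecycle described on this page: the state table (Passed / Revoked / isCertified), the key considerations about who may submit the test, the ACT revoke action that flags the latest passing record instead of deleting history, and the backfill of existing rows. It assumes an in-memory service in place of the real endpoints, a hypothetical PASSING_SCORE threshold (the page does not state the real one), and that "latest passing record" means the most recent record with passed=true.

```python
"""Model of the user certification lifecycle (added example; assumptions noted inline)."""
from dataclasses import dataclass, replace
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical minimum passing score; the page does not state the actual threshold.
PASSING_SCORE = 0.8
CERTIFIED_USERS = "CERTIFIED_USERS"


@dataclass(frozen=True)
class PassingRecord:
    """One quiz submission, carrying the fields named on the page: passed, revoked, revokedOn."""
    user_id: int
    score: float
    passed: bool
    revoked: bool = False
    revoked_on: Optional[datetime] = None

    @property
    def is_certified(self) -> bool:
        # The state table: certified only when passed and not revoked.
        return self.passed and not self.revoked

    def state_row(self) -> Tuple[bool, bool, bool]:
        """(Passed, Revoked, isCertified): the columns of the state table."""
        return (self.passed, self.revoked, self.is_certified)


class CertificationService:
    """In-memory stand-in for the certification endpoints (assumed, not Synapse's implementation)."""

    def __init__(self, passing_score: float = PASSING_SCORE) -> None:
        self.passing_score = passing_score
        self.records: Dict[int, List[PassingRecord]] = {}
        self.groups: Dict[str, Set[int]] = {CERTIFIED_USERS: set()}

    def history(self, user_id: int) -> List[PassingRecord]:
        """Every submission the user ever made; revocation never removes entries."""
        return list(self.records.get(user_id, []))

    def _latest_passing_index(self, user_id: int) -> Optional[int]:
        # Assumption: "latest passing record" is the most recent record with passed=True.
        recs = self.records.get(user_id, [])
        for i in range(len(recs) - 1, -1, -1):
            if recs[i].passed:
                return i
        return None

    def latest_passing_record(self, user_id: int) -> Optional[PassingRecord]:
        i = self._latest_passing_index(user_id)
        return None if i is None else self.records[user_id][i]

    def is_certified(self, user_id: int) -> bool:
        rec = self.latest_passing_record(user_id)
        return rec is not None and rec.is_certified

    def submit_test(self, user_id: int, score: float) -> PassingRecord:
        """Key considerations: new users, users who never passed, users who passed before and
        users whose certification was revoked can all submit; nothing blocks resubmission."""
        rec = PassingRecord(user_id=user_id, score=score, passed=score >= self.passing_score)
        self.records.setdefault(user_id, []).append(rec)
        if rec.passed:
            self.groups[CERTIFIED_USERS].add(user_id)
        return rec

    def revoke(self, user_id: int, now: Optional[datetime] = None) -> PassingRecord:
        """The new ACT action: mark the latest passing record revoked=True with revokedOn=now.
        The record is updated in place, never deleted, so the passed history survives."""
        i = self._latest_passing_index(user_id)
        if i is None:
            raise ValueError(f"user {user_id} has no passing record to revoke")
        rec = self.records[user_id][i]
        if rec.revoked:
            raise ValueError(f"user {user_id} is already revoked")
        updated = replace(rec, revoked=True, revoked_on=now or datetime.now(timezone.utc))
        self.records[user_id][i] = updated
        self.groups[CERTIFIED_USERS].discard(user_id)
        return updated


def backfill(legacy_rows: List[dict]) -> List[PassingRecord]:
    """Backfill for rows that predate the new columns: revoked=False, revoked_on=None,
    and isCertified follows passed."""
    return [PassingRecord(user_id=r["user_id"], score=r["score"], passed=r["passed"]) for r in legacy_rows]


def demo() -> dict:
    """Walk a constructed user (id 42) through every state in the table and report the facts."""
    svc = CertificationService()
    first = svc.submit_test(42, 0.5)     # new user fails: (False, False, False)
    svc.submit_test(42, 0.9)             # retry passes: (True, False, True)
    revoked = svc.revoke(42, now=datetime(2024, 1, 1, tzinfo=timezone.utc))  # (True, True, False)
    certified_mid = svc.is_certified(42)
    third = svc.submit_test(42, 0.95)    # must pass again after revocation
    return {
        "rows": [first.state_row(), revoked.state_row(), third.state_row()],
        "history_len": len(svc.history(42)),
        "certified_mid": certified_mid,
        "certified_now": svc.is_certified(42),
        "revoked_on": revoked.revoked_on.isoformat(),
        "in_group": 42 in svc.groups[CERTIFIED_USERS],
    }


if __name__ == "__main__":
    print(demo())
```

The revoke path deliberately refuses to touch a user who has no passing record or is already revoked, and a failed retry after revocation leaves the user uncertified until a new passing record exists, which is the behaviour the key considerations ask for.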