Versions Compared

Old Version 4

changes.mady.by.user Sandhra Sokhal

Saved on

compared with

New Version Current

changes.mady.by.user Sandhra Sokhal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The user certification process consists of two steps: first, the user must submit a quiz with a minimum passing score, and second, the user is added to the certified group. The certification signifies that the user understands the compliance standards. If ACT detects any suspicious behavior from the user, their certification may be revoked, requiring them to go through the certification process again.

Why should ACT has have the ability to access users' personal data and revoke certification?

...

After creating a Synapse profile and logging into the system, users are prompted to become certified. They must complete a quiz with a minimum required score to pass. Once the quiz is successfully passed, the user is added to the CERTIFIED_USERS group and maintains certification for future use.

API's APIs involved in the process are mentioned below:

Service

Description

Request

Response

GET /certifiedUserTest

Get the test to become a Certified User.

None

Quiz

POST /certifiedUserTestResponse

Submit a response to the Certified User test

QuizResponse

PassingRecord

GET /user/{id}/certifiedUserPassingRecord

Retrieve the Passing Record on the User Certification test for the given user.

None

PassingRecord

API’s APIs only accessed by admin

The below API’s APIs are only for admin and will not be available for ACT. As these API can only be run from a particular Jenkins machineaccessible by Synapse administrators and must be run from within the Sage VPN and are not available to the ACT. These services are only used for testing purposed to setup the user as certified user without submitting the test. They should not be accessible to any other user or team (ACT).

Service

Description

DELETE /admin/certifiedUserTestResponse/{id}

Deletes the test record (We do not want ACT to delete the user’s passed test record)

PUT /admin/user/{id}/certificationStatus

Changes the status of the user by ignoring whether user has passed the test or not. (We do not want ACT to use this service. If ACT uses this service to set the status as REVOKED. we will lose the history, that user has passed the test and ACT wants the user to submit the test again.)

Key

...

considerations

  1. If the user is new and has not previously submitted a quiz, they should be able to submit the test.

  2. If the user has submitted the test but has never achieved a passing score, they should still be able to submit the test.

  3. ACT should be able to revoke a user's certification without deleting the history of the user's test results.

  4. User must pass the test to after ACT has revoked their certification to become certified again.

  5. If the user has previously passed the test, they should be able to submit a new test.

...