Is your feature request related to a problem? Please describe.
There is a requirement in DoD Applications to "delete" users after a period of inactivity or when access is no longer required. This is an auditable function and trying to explain the reason that all historical users need to remain in the system and that access is actually controlled externally will be incredibly difficult if accepted at all.
Describe the solution you'd like
Add a "Disabled" checkbox to a User, just like Administrator currently exists. When selected, all collection grants should be automatically removed and the user should no longer appear on the default user page under administration or in any of the assignment dropdowns.
Describe alternatives you've considered
Attempts to explain how permissions and access are actually managed have had mixed results and are likely to have negative impacts on inspection results.
Hi @mayszs, we have a similar issue (#1099) that I will close, and we will use this one for tracking.
We are considering approaches to this. The "unregister user" button currently just removes all user grants, but will maintain a user record for attribution purposes. It also leaves the user available for NEW grants, and clutters the User Assignment interface in cases where you know that User will never again access the system.
As you know, overall access to the App is controlled by the OIDC Provider, and this behavior can't really change. We can't really "disable" a user in the app, because we are being specifically told by the OIDC Provider that they CAN access the system (because it gave them an access token!). But perhaps an "Ineligible for Grants" flag could be added to the User record that will be used to exclude users from the various grant assignment pull-downs.
The User Management interface could also be modified to include a filter, on by default, that excludes users with that flag.
In this case, a User that was "Ineligible for Grants" would be able to access the system but with no Grants, would only be able to browse the STIG library, which could be a legitimate use case.
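Added example, not part of the thread or the project's code: a minimal in-memory model of the "Ineligible for Grants" flag discussed above, showing the flag checked when a grant is written as well as when the pull-down and user listing are built. The class, field and method names are hypothetical, and revoking existing grants when the flag is set is an assumption taken from the original request.

```javascript
// Hypothetical in-memory model; class, field and method names are assumptions.
class UserDirectory {
  constructor() {
    this.users = new Map(); // userId -> { userId, username, ineligibleForGrants }
    this.grants = [];       // { userId, collectionId }
  }
  addUser(userId, username) {
    this.users.set(userId, { userId, username, ineligibleForGrants: false });
  }
  requireUser(userId) {
    const user = this.users.get(userId);
    if (!user) throw new Error(`unknown user ${userId}`);
    return user;
  }
  // Flagging revokes existing grants but keeps the record for attribution.
  setIneligible(userId) {
    this.requireUser(userId).ineligibleForGrants = true;
    const before = this.grants.length;
    this.grants = this.grants.filter((g) => g.userId !== userId);
    return before - this.grants.length; // number of grants revoked
  }
  // Checked on write: bypassing the filtered pull-down still cannot create a grant.
  addGrant(userId, collectionId) {
    if (this.requireUser(userId).ineligibleForGrants) throw new Error(`user ${userId} is ineligible for grants`);
    this.grants.push({ userId, collectionId });
  }
  // User Management listing: the exclusion filter is on by default.
  listUsers({ includeIneligible = false } = {}) {
    return [...this.users.values()].filter((u) => includeIneligible || !u.ineligibleForGrants);
  }
  // Source for assignment pull-downs: eligible users only.
  grantCandidates() {
    return this.listUsers().map((u) => u.username);
  }
}
// Constructed sample data.
function demo() {
  const dir = new UserDirectory();
  dir.addUser(1, 'alice');
  dir.addUser(2, 'bob');
  dir.addGrant(2, 'collection-A');
  dir.addGrant(2, 'collection-B');
  const revoked = dir.setIneligible(2);
  let rejected = false;
  try { dir.addGrant(2, 'collection-C'); } catch { rejected = true; }
  return { revoked, rejected, candidates: dir.grantCandidates(),
           total: dir.listUsers({ includeIneligible: true }).length };
}
```

The flagged user's record remains retrievable with `includeIneligible: true`, which is what an auditor would be shown alongside the empty grant list.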