To establish a coherent process for requesting permissions, we needed a web-based tool that meets certain requirements:
From a user's perspective, it must be easy to access the tool itself, easy to use and as self-explanatory as possible.
Also, the user must be able to request permissions for multiple products/services at once.
And, of course, not only for themselves but for others as well.
From an admin's perspective, you want to get notified about new requests, have all relevant data in a nice overview and be able to easily accept or reject them. You also want a list of all known users and their cumulative granted permissions. And, of course, an audit log!
- AAD SSO integration
- Request permissions for self or others
- Simple and self-explanatory UI
- Audit-log
- Mail-notification for new, granted and refused requests
- Expiry-notification
- User permission overview
- List own requests
- Show granted permissions
- List soon expiring permissions
- Edit permission requests
- Sync Azure DevOps projects
- Config-Option to limit valid mail-suffixes
- Docker
- MySQL or MariaDB
There are some areas where company-specific details are used or required.
You need to change these placeholders:
- azure-pipelines.yml -> you might want to specify your registry
- resources/static/toolbox.js (isValidTargetUserMail) -> checks the valid mail-domains in the frontend
- resources/messages.xml (notification.request.created.text) -> URL to where the tool is hosted
- resources/messages_de.xml (notification.request.created.text) -> URL to where the tool is hosted
- resources/messages_en.xml (notification.request.created.text) -> URL to where the tool is hosted
- resources/templates/adoSettings.html -> link to project in ADO
- resources/application.properties -> well... obviously
- resources/database.mysql.schema/db-initial-data.sql -> must be adapted to your needs/environment
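
When adapting the mail-domain check in `toolbox.js`, the comparison has to respect the `@` and dot boundaries, otherwise look-alike domains pass. The following is an added example, not the project's own `isValidTargetUserMail`; the suffix list, the naive variant and the rule that subdomains are accepted are assumptions made for illustration. A frontend check only guides the user, so the same rule has to be enforced on the server as well.

```javascript
// Added example, not the project's toolbox.js. ALLOWED_SUFFIXES is a
// constructed placeholder list; replace it with your own mail domains.
const ALLOWED_SUFFIXES = ["example.com", "example.org"];

// Naive variant shown for contrast: a plain endsWith() on the whole address
// also accepts look-alike domains such as "notexample.com".
function isValidTargetUserMailNaive(mail, suffixes = ALLOWED_SUFFIXES) {
  return suffixes.some((s) => String(mail).toLowerCase().endsWith(s));
}

// Strict variant: exactly one "@", non-empty local part, and the domain must
// equal an allowed suffix or be a true subdomain of it (dot boundary).
// Accepting subdomains is an assumption; drop the endsWith branch if unwanted.
function isValidTargetUserMail(mail, suffixes = ALLOWED_SUFFIXES) {
  if (typeof mail !== "string") return false;
  const value = mail.trim().toLowerCase();
  // Reject whitespace and control characters anywhere in the address.
  if (/[\s\u0000-\u001f\u007f]/.test(value)) return false;
  const at = value.indexOf("@");
  if (at <= 0 || at !== value.lastIndexOf("@")) return false;
  const domain = value.slice(at + 1);
  // Domain labels: letters, digits and hyphens, separated by single dots.
  const label = "[a-z0-9]([a-z0-9-]*[a-z0-9])?";
  if (!new RegExp(`^${label}(\\.${label})+$`).test(domain)) return false;
  return suffixes.some((s) => {
    // Tolerate config entries written as "@example.com" or ".example.com".
    const suffix = s.toLowerCase().replace(/^[@.]+/, "");
    return domain === suffix || domain.endsWith("." + suffix);
  });
}
```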