Admin User Management - User & Permissions Management Scenarios

Scenarios

  • Manually create a new user profile
  • Manually remove a user profile
  • Automated profile removal
  • Edit a user profile


As part of Development, the following permissions have currently been set: /wiki/spaces/TISDEV/pages/111116298


Process Name: AM-1 Create New User Profile (manual)
Description: Once a new user has been imported via Oriel, or has been added to one of the internal HEE teams, a new profile is required so that they can log in
Comments: Non-TIS / manual process
Actors

System Admin (TIS Team)

HR

TBC
Pre-Conditions

Notification received by team to set up new user on TIS

Relevant authorisation given to create user

How should requests be made? Reuben Noot (Deactivated)
Post-Conditions: User profile set up on TIS
Process Steps
  1. Log in to Keycloak
  2. Add new user
  3. Assign applicable permissions for role
  4. Notify individual or applicant that user profile is available

Alternative Process: Automated profile creation (trainees only)
Comments: Is it possible to automate this process?
Rules
  • usual Keycloak rules
  • user must have authorisation to proceed 

Authorisation to be defined

Request process to be defined

Jira Reference

Audit log

Process Name: AM-2 Remove a user profile (manual)
Description: Remove user access to TIS
Actors

System admin (TIS team)

HR

TBC

Pre-Conditions: User should have access rights terminated via HR or line manager
Post-Conditions: User should no longer be able to log in
Process Steps
  1. Log in to Keycloak
  2. Remove user
  3. Notify individual or applicant that user profile is now unavailable

Alternative Process: AM-3 Remove a user profile (automated)
Is it possible to automate this process?
Rules
  • Present error message when user attempts login

Will users be restricted to using a HEE / NHS email address?

Can they change this at any point?

Is audit log data retained and can it still be displayed on the front end once a profile has been removed?

Do login attempts need to be tracked?

Jira Reference

Audit log



Process Name: AM-3 Remove a user profile (automated)
Description: Remove user access to TIS
Actors: TIS system
Pre-Conditions: User should have access rights terminated via HR or line manager
Post-Conditions: User should no longer be able to log in
Process Steps
  1. User is flagged as "inactive" in TIS / ERS
Is this possible? To be discussed with Graham
Alternative Process: AM-2 Remove a user profile (manual)
Rules
  • Notify HR when 
Does anyone need to be notified when this occurs?
Jira Reference

Audit log



Process Name: Edit user profile
Description: Edit an existing user profile
Actors

System Admin

User


Pre-Conditions

User already on TIS user database

User request approved by relevant individual


Post-Conditions

Process Steps
  1. User requests additional access
  2. System admin team receives request & authorisation
  3. Log in to Keycloak
  4. Find user
  5. Assign applicable permissions according to request
  6. Notify individual or applicant that user profile is updated
Do we need SLAs defined for this?
Alternative Process: N/A
Rules: N/A
Jira Reference

Audit log