Most applications that are created today have one thing in common – users. We are more familiar with the term when it applies to end users – for example, on Facebook users can mean people like you and me who’ve created profiles on the platform. However, within the context of this article, the term ‘user’ refers to users who exist behind the scenes of an application – users with various levels of access, each with a specific purpose – from QA to Ops Engineering. These users are known as internal users.
For a company, the way it handles its internal users is key. The right people must be given the right permissions to do their jobs. Generally, you’d like to keep unnecessary access to a minimum. This is easier said than done, however. When there are several teams involved, working on several aspects, not to mention the usual employee turnover a company has, the management of internal users can become a nightmare.
This is a problem that a few of our interns at Sysco LABS discovered. In this innovation session, Nusry Ahamed, Umesh Jayasinghe, Isuranga Perera and Kavin Ranwella talk about their solution.
Starting off, our team of interns tackled the problem of users having either more permissions than needed or fewer than needed, by creating a tool they dubbed the Internal User Management Module (IUMM). The key thing about this tool is that it is not based on a single account.
The usual workflow for creating an internal user requires Team A to contact the team that handles accounts, and request permission for Member A of their team to receive access. Generally, this requires a few emails, maybe approvals, or tickets created, and can be a bit of a hassle.
The tool that was created to overcome this supports basic operations such as create, update and delete. It allows one internal user to create an account for another internal user by assigning a subset of their own permissions. Of course, the level of permissions can be modified, and you can’t assign permissions that you yourself don’t have.
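The delegation rule described above (an internal user can only hand out permissions they already hold) can be sketched as follows. This is an added example, not IUMM's own code: the class, method and permission names are hypothetical, and it assumes that a first account is seeded out of band and that only an account's creator may update or delete it.

```javascript
// Added illustration, not IUMM code. All names and permission strings are hypothetical.
class DelegationError extends Error {}

class InternalUserStore {
  constructor() { this.users = new Map(); } // userId -> { permissions, createdBy }

  // Assumption: a first account is seeded out of band.
  seed(userId, permissions) {
    this.users.set(userId, { permissions: new Set(permissions), createdBy: null });
  }

  // Throws unless every requested permission is held by the actor.
  assertCanGrant(actorId, requested) {
    const actor = this.users.get(actorId);
    if (!actor) throw new DelegationError(`unknown actor: ${actorId}`);
    const missing = [...new Set(requested)].filter((p) => !actor.permissions.has(p));
    if (missing.length) throw new DelegationError(`cannot grant: ${missing.join(", ")}`);
  }

  // Assumption: only the account's creator may update or delete it.
  assertManages(actorId, targetId) {
    const target = this.users.get(targetId);
    if (!target) throw new DelegationError(`unknown user: ${targetId}`);
    if (target.createdBy !== actorId) throw new DelegationError("not the creator");
    return target;
  }

  create(actorId, newUserId, requested) {
    if (this.users.has(newUserId)) throw new DelegationError(`exists: ${newUserId}`);
    this.assertCanGrant(actorId, requested);
    this.users.set(newUserId, { permissions: new Set(requested), createdBy: actorId });
  }

  // Re-checked on update so it cannot add rights that create() would refuse.
  update(actorId, targetId, requested) {
    const target = this.assertManages(actorId, targetId);
    this.assertCanGrant(actorId, requested);
    target.permissions = new Set(requested);
  }

  remove(actorId, targetId) {
    this.assertManages(actorId, targetId);
    this.users.delete(targetId);
  }

  permissionsOf(userId) {
    return [...(this.users.get(userId)?.permissions ?? [])].sort();
  }
}
```

The subset check runs on both create and update; checking it only at creation time would let a later update widen an account beyond what its creator holds.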
The permission hierarchy is as follows:
IUMM is an independent application hosted and called from the Universal Admin front-end. IUMM has two major components: the IUMM front-end and back-end. The front-end is written in React.js and Redux to provide the web view of the application. The back-end is a REST API written in Node.js, and underneath it different ESB services (IDM API, Profile API, etc.) are used to fulfill business requirements.
Although simple, this workflow does provide an easy way to manage permissions across the board. And if you’re a large company that deals with several layers of permissions amongst hundreds of staff, this simple tool could be pretty useful.