Ticket(s) | Title | User Story | Priority | Notes |
---|
| Account No Longer in Use | As an Administrator, I would like a report that shows if an account has not been used for over X weeks/months. |
| - What is the time period?
  - Personal Accounts
    - Inactivity for three months on an endpoint is considered inactive
  - Functional Accounts
    - Inactivity for a month on an endpoint is considered inactive
  - If all endpoints are inactive then the API Key should be considered inactive
- Where should we retrieve this data from?
|
| No Longer Associated with the University - Personal Accounts | As an Administrator, I would like a report that shows if a person (email address) is no longer associated with the University. |
| - Where to get this information?
- LDAP?
- Can we create an API for it?
- Possible Campus Identity or SA Identity
- We need to figure out how to determine if they have separated
|
| No Longer Associated with the University - Functional Accounts | As an Administrator, I would like a report that shows if a functional account is no longer in use. |
| - If all the applications associated with a functional account have been revoked/deactivated, then the functional account should be considered inactive.
|
| Extra Criteria for Determining if an account should be cleaned up | As an Administrator, do I need to attain other information in order to determine if the account should be cleaned up? |
| - Should there be an attempt to contact the owner?
- We need to email the owner
- We should create reports in Apigee or Google Analytics for this
- Anything else?
|
| The Cleanup Process | As an Administrator, cleaning up an account should ... |
| - I assume Disable the account
- Should we delete it?
- If we detect an account is unused
  - Revoke the API Keys for the applications (if not already done so)
  - If the account is inactive at UCSB, then Block the account in Drupal
  - Send email to the account owner & support@developer
    - Ensure only this email is sent and not any of the emails below
    - Link to reenable account in Drupal
- If we detect that an application is unused
  - Revoke the API Key for the application
  - Revoke the API Access for each endpoint used by the application
  - Send email to the account owner & support@developer
    - Ensure only this email is sent and not any of the emails below
    - Link to reenable API Key
  - Update the API Access Request back to Application Retired state
- If we detect that an API is unused by an application
  - Revoke access to the API for the application
  - Send email to the account owner & support@developer
  - Update the API Access Request to no longer include those APIs
|
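
The inactivity rules in the "Account No Longer in Use" notes and the key/API steps in "The Cleanup Process" can be expressed as a small report generator. This is an added example, not code from the project; the data shape, the function names, the reading of "three months" as 90 days and "a month" as 30 days, applying the all-endpoints rule to both account types, and treating an endpoint with no recorded use as inactive are all assumptions.

```python
from datetime import datetime, timedelta

# Assumption: "three months" is read as 90 days and "a month" as 30 days.
THRESHOLDS = {"personal": timedelta(days=90), "functional": timedelta(days=30)}

def stale_endpoints(account_type, last_used, now):
    """Endpoints whose last call is older than the account type's threshold.
    An endpoint with no recorded call (None) is treated as inactive."""
    limit = THRESHOLDS[account_type]
    return sorted(ep for ep, ts in last_used.items()
                  if ts is None or now - ts > limit)

def review_key(key, now):
    """Classify one API key and name the cleanup step from the notes."""
    stale = stale_endpoints(key["account_type"], key["last_used"], now)
    if len(stale) == len(key["last_used"]):
        # All endpoints inactive (or none granted): the key is inactive.
        status, action = "inactive", "revoke API key"
    elif stale:
        status, action = "partially unused", "revoke access to unused APIs"
    else:
        status, action = "active", None
    return {"key_id": key["key_id"], "owner": key["owner"], "status": status,
            "stale_endpoints": stale, "action": action}

def inactivity_report(keys, now):
    """Report rows for every key that needs attention, sorted by owner."""
    rows = [review_key(k, now) for k in keys]
    return sorted((r for r in rows if r["action"]),
                  key=lambda r: (r["owner"], r["key_id"]))

# Constructed sample data; the real timestamps would come from whichever
# usage source is chosen (the notes leave that question open).
NOW = datetime(2024, 6, 1)
SAMPLE_KEYS = [
    {"key_id": "key-A", "owner": "alice@example.edu", "account_type": "personal",
     "last_used": {"/students": datetime(2024, 5, 20), "/courses": datetime(2024, 1, 5)}},
    {"key_id": "key-B", "owner": "svc-batch@example.edu", "account_type": "functional",
     "last_used": {"/students": datetime(2024, 4, 15), "/courses": None}},
    {"key_id": "key-C", "owner": "bob@example.edu", "account_type": "personal",
     "last_used": {"/students": datetime(2024, 4, 15)}},
]

if __name__ == "__main__":
    for row in inactivity_report(SAMPLE_KEYS, NOW):
        print(row)
```

The same 47-day gap leaves the personal key-C active but makes the functional key-B inactive, which is why the account type has to travel with the usage data.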