Problem statement :
Current problem with sunbird is any one can create rootOrg,suborg , user , add user to org etc. In long term this will impact system behavior. Another cyclic problem is creating user required organisation and creation organisation required user.As of now we are handling organisation creation using keycloak admin user token.
Proposed Solution :
After successful installation call 'Initialisation' script/curl to create a System admin user inside sunbird and keycloak. Once system admin user is created , he/she can perform following actions
- RootOrg creation : Root org can be created only by system admin
- Admin user for RootOrg : RootOrg admin user can be created only by system admin
- Another system admin : System admin can create another system admin.As created system admin is a special kind of user having very high level of permission , so will create this user in separate realm of keyclaok , by doing that this user can't by able to login as normal user in sunbird.Inside sunbird we can store this user details