Problem statement:
The current problem with Sunbird is that anyone can create a rootOrg, a subOrg or a user, add a user to an org, etc. In the long term this will impact system behavior. Another, cyclic, problem is that creating a user requires an organisation and creating an organisation requires a user. As of now we handle organisation creation using the Keycloak admin user token.
Proposed Solution:
After successful installation, call an 'Initialisation' script/curl to create a System admin user inside Sunbird and Keycloak. Once the system admin user is created, he/she can perform the following actions:
- RootOrg creation : Root org can be created only by system admin
- Admin user for RootOrg : RootOrg admin user can be created only by system admin
- Another system admin : System admin can create another system admin
As the created system admin is a special kind of user with a very high level of permission, we will create this user in a separate realm of Keycloak; by doing that, this user won't be able to log in as a normal user in Sunbird.
Inside Sunbird we can store this user's details either in the user table or in a new table (sys_admin); both have their own pros and cons.
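A sketch of the authorization gate this proposal implies, added here as an example and not taken from the Sunbird code base. The realm names, action names and the `Gate` class are assumptions, and token claims are assumed to be signature-verified before they reach it.

```python
from urllib.parse import urlparse

# Assumed realm names; the page only says the system admin lives in a separate Keycloak realm.
SYSADMIN_REALM = "sysadmin"
USER_REALM = "sunbird"
# Actions the page reserves for the system admin (action names are hypothetical).
SYSADMIN_ONLY = {"create_root_org", "create_root_org_admin", "create_system_admin"}


def realm_of(claims):
    """Extract the realm from a Keycloak issuer URL (.../realms/<realm>)."""
    parts = urlparse(claims.get("iss", "")).path.rstrip("/").split("/")
    if len(parts) >= 2 and parts[-2] == "realms" and parts[-1]:
        return parts[-1]
    return None


class Gate:
    """Hypothetical authorization gate; claims are assumed already signature-verified."""

    def __init__(self):
        self.system_admins = set()

    def bootstrap(self, user_id):
        # The initialisation call succeeds exactly once, which breaks the user/org cycle.
        if self.system_admins:
            raise PermissionError("system admin already initialised")
        self.system_admins.add(user_id)

    def allowed(self, claims, action):
        realm, sub = realm_of(claims), claims.get("sub")
        if action in SYSADMIN_ONLY:
            return realm == SYSADMIN_REALM and sub in self.system_admins
        # Everything else is normal-user traffic: system admin realm tokens are refused.
        return realm == USER_REALM

    def create_system_admin(self, claims, new_user_id):
        if not self.allowed(claims, "create_system_admin"):
            raise PermissionError("only a system admin can create another system admin")
        self.system_admins.add(new_user_id)


if __name__ == "__main__":
    # Constructed sample claims, not real tokens.
    gate = Gate()
    gate.bootstrap("sa-1")
    admin = {"iss": "https://id.example.org/auth/realms/sysadmin", "sub": "sa-1"}
    user = {"iss": "https://id.example.org/auth/realms/sunbird", "sub": "u-1"}
    print(gate.allowed(admin, "create_root_org"), gate.allowed(user, "create_root_org"))
```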
Storing System admin details in user table:
Pros:
* No need to maintain any new table.
* System admin is a user itself , so logically it should be saved in user table.
Cons:
* It won't have all the access a normal user has, so we need to add otherwise unnecessary checks in other APIs.
* User search: here we need to hide system admin details.
* Open-saber should not store system admin user details.
Storing System admin details in a different table (Sys-admin):
Pros:
* Details will be separated out from normal users
* Easy to manage their actions
Cons:
* Overhead of managing one more table