Workspaces RBAC and the UDLC Toolkit

Version: 6.70+

UDLC Release Date: December 1, 2022 for most customers

Overview

Updates to Unqork’s UDLC Toolkit will be released in all lower environments (Staging, UAT, QA) representing the first phase in a series of security improvements to the UDLC Toolkit through the implementation of RBAC (role-based access control). Some UDLC tools have been refactored to leverage Unqork’s existing Environment-Role RBAC, as well as the new WSRBAC (Workspaces Role-Based Access Control). Doing so allows Administrators to assign permissions at the Workspace level. Other UDLC tools will be soft-deprecated due to low levels of utilization and to reduce maintenance overhead.

RBAC-Enabled Tools

Tools that have been refactored to integrate RBAC include:

For additional information on how these tools will behave with the addition of RBAC, see the section below: Using RBAC-Enabled UDLC tools.

Tools to Be Soft-Deprecated

On January 10, 2023 the following tools are scheduled for soft-deprecation:

Soft deprecation means:

  • Removing access to the UDLC homepage on existing environments.

  • Module Settings set to NO ACCESS on existing environments.

  • No longer included in provisioning of new environments.

A later phase of full deprecation will follow soft-deprecation, at a time TBD in Q1 2023.

For any questions regarding these updates to the UDLC, please reach out to customer support.

Using RBAC-Enabled UDLC Tools

The following section outlines how each RBAC-enabled UDLC tool will behave with and without WSRBAC.

Release Management Dashboard Tool

Previously any Creator could access this tool and promote applications in any workspace. Going forward, this tool will leverage Environment Role RBAC and WSRBAC.

If using Environment Roles only (not using WSRBAC):

  • Any Creator Role will be able to Create a Tagged Release.

  • Only Creators with Promote permissions will be able to Promote a Tagged Release.

    To learn more about granting Promote permissions, see our Creator Role Administration.

If using WSRBAC:

  • Creators must have at least Can View access to the UDLC Toolkit: Workspaces Dashboard.

  • Creators must have Can Manage access to the appropriate Workspace(s).

Bug Fixes & Enhancements

The following bug fixes and enhancements have also been made to the Release Management Dashboard tool:

  • Fixed an issue where when selecting elements to promote, Select All Checkboxes for Modules and Data Collections functioned incorrectly.

  • Updated helper text throughout the tool to provide more clarity to end-users and the functionality.

  • Fixed an issue where all modules & data collections weren't selected by default.

  • Rearchitected the New Release flow. This restructuring enhances load performance while fixing issues around view grids not loading correctly. Applications now populate correctly and show Modified Indicator consistently.

  • Removed the ability to rollback partial promotions. Partial rollbacks were causing many issues. Rollbacks are now for full applications only. Additionally, warnings were created for partial promotions. When a partial promotion is selected, a warning displays when creating the release and on the View Release page. This warning notifies the end-user that partial promotions cannot be rolled back.

    • If a partial promotion is selected; the rollback button will be disabled.

    • Added a new column to the Tagged Release table confirming a release is full or partial.

  • Fixed an issue when calling the Tagging API outside of the tool would limit only 50 modules.

  • Removed the In Progress GIF from Promotion Key to reduce confusion for end-users.

  • Fixed an issue where the Type column depopulated when removing an application from the Applications Selected table when creating a new release.

  • Added Search/Filter/Sort functionality for the Selecting Elements to Promote modal.

  • Expanded the width of the Select Elements to Promote modal.

  • Added infinite scroll to the Select Elements to Promote modal.

  • Allow end-users to deselect a Workflow from being promoted after initial promotion. Subsequent promotions allow for clearing the Promote Workflow checkbox in the Select Elements to Promote modal.

Flexible Data Manager Tool

Previously any Creator could access this tool. Going forward, access is limited to Creators with the Environment Administrator role.

Bug Fixes & Enhancements

The following bug fixes and enhancements have also been made to the Flexible Data Manager tool:

  • Fixed an issue where users couldn't query on created, modified, and userId when selecting the OR operator during Bulk Update operations.

Service Logs Dashboard Tool

If using Environment Roles only (not using WSRBAC):

  • Creators can view all service logs.

If using WSRBAC:

  • Creators can view service logs related to modules, workflows, or services inside Workspaces they have access to.

  • If a user cannot access specific service log records, it likely means they do not have access to the Workspace in which the module resides.

API Docs, Schema Docs, App Dependencies, and Module Revisions Tools

If using Environment Roles only (not using WSRBAC):

  • Creators can view all data with these tools.

If using WSRBAC:

  • In each of these tools, Creators can view data related to modules inside Workspaces they have access to.

  • If a user cannot access specific records, it likely means they do not have access to the Workspace in which the module resides.

Monitoring Tools

No changes have been made to the Alerts, Logs, or Metrics Dashboard tools as they require the Creator Environment Administrator role to access.

Testing, Config Analysis, and Service Logs Tools

No changes have been made to these tools. Any user who logs in with Designer credentials can continue to access all data.