Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🚀 Add database management to the Control Panel via Lake Formation #4367

Closed
5 tasks done
michaeljcollinsuk opened this issue May 21, 2024 · 7 comments · Fixed by ministryofjustice/analytics-platform-control-panel#1302
Closed
5 tasks done

🚀 Add database management to the Control Panel via Lake Formation #4367

michaeljcollinsuk opened this issue May 21, 2024 · 7 comments · Fixed by ministryofjustice/analytics-platform-control-panel#1302
Assignees
@michaeljcollinsuk @jamesstottmoj
Labels
story

Comments

@michaeljcollinsuk
Copy link
Contributor

michaeljcollinsuk commented May 21, 2024
edited
Loading

User Story

As a data engineer
I want to grant other users access to my databases in the Control Panel
So that access is visible and easy to maintain

Value / Purpose

We are currently working with the DPR team to share their databases with the AP. Once shared, we need to grant AP users access. Doing this in Lake Formation has benefits to the existing method of managing IAM roles via data-engineering-database-access.

We have also had a feature request for this from our users #4352

Useful Contacts

@michaeljcollinsuk, @jamesstottmoj

User Types

No response

Hypothesis

If we... add Lake Formation to Control Panel
Then... database access management will be improved

Proposal

Integrate Lake Formation with the Control Panel so that users can manage database access themselves.

Initial scope should be limited to:

  • Only allow access management of databases that are already registered with Lake Formation
  • Use the named resource method for granting access
  • Only enable the feature for privileged users - AP superusers and select number of test users
  • Use the work with DPR as an initial test case (ADD LINK TO RELATED TICKET)

Additional Information

See related feature request #4352

Definition of Done

  • Privileged users can see databases and tables in the AP via the Control Panel
  • Privileged users can grant access to databases/tables registered in Lake Formation via the Control Panel
  • Privileged users can revoke access to databases/tables registered in Lake Formation via the Control Panel
  • Superusers can grant other users access to the database management feature
  • The feature has been tested with the databases that are being shared with the AP as part of DPR work
@michaeljcollinsuk michaeljcollinsuk changed the title 📖 Manage database access using Lake Formation via the Control Panel 🚀 Add database management to the Control Panel via Lake Formation May 21, 2024
@Ed-Bajo Ed-Bajo mentioned this issue May 21, 2024
Closed
@michaeljcollinsuk michaeljcollinsuk moved this from 👀 TODO to 🚀 In Progress in Analytical Platform May 23, 2024
@jamesstottmoj jamesstottmoj mentioned this issue Jun 3, 2024
Closed
1 task
@jamesstottmoj
Copy link
Contributor

Implementation made

  • Super user can apply toggle to user that will allow them database management access
  • User can apply/revoke permissions on a table that has been registered with lake formation (tables that are not registered with lake formation cannot have user permissions assigned via control panel)

Unit tests written

@jamesstottmoj
Copy link
Contributor

This ticket needs testing in development. The plan is to take the PR build and put it in dev and see what permissions are missing.

@jamesstottmoj jamesstottmoj mentioned this issue Jun 6, 2024
Merged
1 task
@github-project-automation github-project-automation bot moved this from 🚀 In Progress to 🎉 Done in Analytical Platform Jun 6, 2024
@jamesstottmoj jamesstottmoj reopened this Jun 6, 2024
@github-project-automation github-project-automation bot moved this from 🎉 Done to 🚀 In Progress in Analytical Platform Jun 6, 2024
@jamesstottmoj
Copy link
Contributor

Merged to main. Going to put into development to test.

@jamesstottmoj
Copy link
Contributor

Changes now in development. Experimented to find appropriate permissions to apply to the control panel role in order to apply permissions on users. They've been applied via AP Terraform

@Gary-H9 Gary-H9 moved this from 🚀 In Progress to 🚫 Blocked in Analytical Platform Jun 12, 2024
@jamesstottmoj
Copy link
Contributor

UI needs some tweaks to make information presentation clearer.
Blocked as we need a database and shared tables from DPR into AP account.

@EO510 EO510 moved this from 🚫 Blocked to 🛂 In Review in Analytical Platform Jul 29, 2024
This was referenced Jul 29, 2024
Merged
Merged
Merged
@michaeljcollinsuk
Copy link
Contributor Author

Deployed to prod for testing with pre-prod data. It is using the curated_prisons_history_preprod_dbt database and tables, via a resource link.

@michaeljcollinsuk michaeljcollinsuk mentioned this issue Aug 6, 2024
Merged
4 tasks
@michaeljcollinsuk
Copy link
Contributor Author

Follow on tickets may need to be raised once further testing has been completed, but the DOD for this ticket is now complete and has been deployed to production.

@github-project-automation github-project-automation bot moved this from 🛂 In Review to 🎉 Done in Analytical Platform Aug 7, 2024
@julialawrence julialawrence mentioned this issue Dec 11, 2024
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaeljcollinsuk michaeljcollinsuk

@jamesstottmoj jamesstottmoj

Labels
story
Projects
Analytical Platform
Archived in project
Milestone
No milestone
2 participants
@michaeljcollinsuk @jamesstottmoj