Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-2050

Cleanup Service - cleanup Profiles

    XMLWordPrintable

Details

    • Fix
    • Status: Approved (View Workflow)
    • Minor
    • Resolution: Fixed
    • None
    • 2.7.5, 2.8.0
    • None
    • None

    Description

      Current Situation

      The Cleanup Service automatically removes Profile and Login History database entries based on the following cleanup settings:

      • Profile-related:
        • profile_age - specifies the max. number of days that a Profile has not been used from login by a user account before it is purged.
        • If the same Account exists across multiple Identity Services, the Cleanup Service incorrectly deletes the entire user Profile and its dependent data (e.g., Favorites, Keys, Certificates) - even if the Account has been actively used in at least one of the Identity Services.
          • This results in loss of data for active users, which is not the intended behavior.
      • Login History-related:
        • failed_login_history_age - specifies the max. number of days for which entries in the history of failed logins are retained before they are purged.
        • Successful logins are retained indefinitely, regardless of age.

      Desired Behaviour

      • Profile Cleanup:
        • A Profile and all associated data should be purged only if the corresponding Account has not been used via any Identity Service during the profile_age period.
      • Login History Cleanup:
        • Successful login records should also be purged if their timestamp exceeds the profile_age threshold.

      Test Instructions

      • Log in using the existing root account.
      • Navigate to Manage Identity Services.
        • Add a new Identity Service:
          • Name: JOC-2050
          • Type: JOC
          • Add all roles to the Identity Service.
          • Add a new account named root and assign it a password different from the existing root account password.
      • Log out
      • Log in again as root, but use the password defined under the JOC-2050 Identity Service.
      • Log out
      • Open a database tool (e.g., MySQL Workbench) and execute: SELECT * FROM IAM_HISTORY;
        • Verify that 2 successful login records for root exist.
        • The account name should be the same, but the IDENTITY_SERVICE_ID should differ.
        • Modify the year of LOGIN_DATE of the most recent login to the year 2023. e.g.: 2023-05-30 15:50:46
      • Log in using the original root password.
      • In the JOC dashboard, perform Run Service -> Cleanup Service.
        • Wait approximately 1 minute.
      • Re-run the SQL query: SELECT * FROM IAM_HISTORY;
        • Confirm that only 1 login record for root remains (the older one should be removed).
      • Switch to the Profile.
        • Expected Result: All Profile data (Favorites, Keys, Certificates) should still be present.

      Attachments

        Activity

          People

            re Robert Ehrlich
            re Robert Ehrlich
            Aakash Rao Aakash Rao
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: