From df9ab78ec0e2ecb5c570dc819f94e7ab93574103 Mon Sep 17 00:00:00 2001 From: Phil Schneider Date: Wed, 11 Sep 2024 17:55:18 +0200 Subject: [PATCH] docs: adjust delete technical user documentation (#393) https://github.com/eclipse-tractusx/portal-backend/issues/950 --- .../04. Delete Technical User.md | 58 +++++++++---------- 1 file changed, 28 insertions(+), 30 deletions(-) diff --git a/docs/developer/03. User Management/03. Technical User/04. Delete Technical User.md b/docs/developer/03. User Management/03. Technical User/04. Delete Technical User.md index cb8a19817..a22c68ae1 100644 --- a/docs/developer/03. User Management/03. Technical User/04. Delete Technical User.md +++ b/docs/developer/03. User Management/03. Technical User/04. Delete Technical User.md @@ -5,29 +5,42 @@ To delete an user, just open up the user details and click the "delete" button. image -
-
-
-
- #### Currently not supported: update technical user secret -
-
- ### Delete Service Account Delete an existing service account Only service accounts of the own company can get deleted. Permission: "delete_tech_user_management" -
-
+ As part of the deletion API, the following tasks get executed: -- Delete service account inside the central identity provider -- Technical user record is set to "INACTIVE" +```mermaid +flowchart TD + A(API delete call) -->|Pass the service account id| B["`Receive service account + for company`"] + B --> C{Service account exists is active and user has access} + C --> |true| D{"`Linked to active/pending connector`"} + C --> |false| E("Error 404 - serviceAccount {serviceAccountId} not found for company {companyId}") + D --> |false| F{"`Linked to active + offer subscription`"} + D --> |true| G("`Error 409 - Technical User is linked to an active connector. Change the link or deactivate the connector to delete the technical user.`") + F --> |false| H{Is external user} + F --> |true| I("`Error 409 - Technical User is linked to an active subscription. Deactivate the subscription to delete the technical user.`") + H --> |true| J{"`Create process still + in progress`"} + J --> |true| K("`Error 409 - Technical user can't be deleted because the creation progress is still running`") + J --> |false| L("`Create delete process + set state to PENDING_DELETION`") + H --> |false| M{has clientClientId} + M --> |true| N(Delete client from keycloak) + M --> |false| O(set state to DELETE) + N --> O +``` + +Endpoint can be called via: ```diff ! DELETE: api/administration/owncompany/serviceaccounts/{serviceAccountId} @@ -35,25 +48,10 @@ As part of the deletion API, the following tasks get executed: Validation: -- only owned or managed service account can get deleted -- the deletion is not possible if the user is linked to an active subscription - -
- -
- -Request body - - n/a - managed via endpoint path - -
-
- -> **_NOTE:_** Technical user owner as well as provider (managed tech user owner) can run the delete endpoint - however deletion is not possible if subscription/connector are still active. +- only owned or managed service account that are active can get deleted +- the deletion is not possible if the user is linked to an `active` offer subscription or an connector in state `active` or `pending` -
-
+> **_NOTE:_** Technical user owner as well as provider (managed tech user owner) can run the delete endpoint. ## NOTICE
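Review bot: The external-user branch of the flowchart in the first hunk (`H --> |true| J`, then `J --> |false| L`) ends at "Create delete process set state to PENDING_DELETION" without showing what that process does, while "Delete client from keycloak" (node N) appears only on the non-external branch. As written, the documentation does not say when, or whether, an external technical user's client is removed from the identity provider, nor which final state the record reaches. Suggest adding a follow-up node after L, or a sentence below the diagram, that states the outcome of the delete process. Two label points in the same diagram: `M{has clientClientId}` looks like a doubled word, and `O(set state to DELETE)` replaces the removed bullet `Technical user record is set to "INACTIVE"` without the text naming the status value a reader will actually see on the record, so please confirm the exact state name.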
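Review bot: The Validation list in the second hunk is missing the third 409 condition that the flowchart added by this same patch shows for external users ("Technical user can't be deleted because the creation progress is still running"). Suggest adding a bullet for it so the list and the diagram agree on every rejection case. Wording in the added bullets: "service account that are active" should read "service accounts that are active", and "an connector" should read "a connector". The hunk also removes the "Request body" / "n/a - managed via endpoint path" lines, so consider keeping one line stating that the endpoint takes no request body. The shortened NOTE is fine, since the dropped caveat is now covered by the bullets.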