Deleting tenant using API methods is fine. My first thought was you only need to have following level of granularity.
1. Delete tenant entry from UM table which will cascade delete all other entries for that tenant ID. 2. Delete tenant entry from REG table which will cascade delete all other entries for that tenant ID in REG DB 3. Delete LDAP if needed. But if you say you are going to have separate APIs to delete all the users, all the roles, all the permissions, etc. that is also fine (can be considered an improvement). But you should make sure you are not leaving database in inconsistent state. And in this case you will encounter some options which you have stated in your first mail. So you need to decide which one you are going to choose. Then there is the problem with tenant admin, which you need to specifically handle. In the approach I suggested you won't encounter these options/problems because its all deleted in bulk in one transaction. So if you are going down this path please make sure above concern is addressed and what new APIs you are introducing. Also I am assuming you are adding all these APIs to user.core ? Regards, Johann. On Wed, Feb 18, 2015 at 2:03 PM, Shashika Karunatilaka <[email protected]> wrote: > HI Johan, > > Requirement here is to delete the tenant using API methods. Yes, to do > that i'm breaking the tenant deletion in to several methods. > Here I'm following the process of reverting the tenant creation. > As steps I'm trying to remove all the user management related data and > registry related data. > To remove the user management data I'm deleting the users, user roles, > user permissions so on. > During this i encountered the above issue of deleting the tenant admin. > Yes there is no way of deleting the tenant admin, here we trying to delete > the admin user, its roles. directly calling the DB. Do you see any other > better approach for this? > > Thank you. > > On Wed, Feb 18, 2015 at 1:33 PM, Johann Nallathamby <[email protected]> > wrote: > >> Can you please clarify, what is the requirement here ? As I can see you >> are trying to break tenant deletion into several methods. If DB >> transactions are not handled properly this will lead to inconsistent state. >> >> Currently we rely on cascade delete functionality of the database and >> that will make sure all the data is wiped out without leaving data in >> inconsistent state. Only for LDAP you have to separately delete the OUs >> which contain users and groups. >> >> Deleting tenant admin is also not something we support right now under >> the assumption we cannot change tenant admin once a tenant has been created. >> >> >> >> On Wed, Feb 18, 2015 at 12:31 PM, Kishanthan Thangarajah < >> [email protected]> wrote: >> >>> For scenarios like above (delete tenant admin user) which we cannot use >>> the APIs, use the hard delete approach. >>> >>> On Tue, Feb 17, 2015 at 10:06 AM, Shashika Karunatilaka < >>> [email protected]> wrote: >>> >>>> HI Kishanthan, >>>> >>>> Yes, calling delete user API will internally delete all(roles, >>>> permissions) data associated with that user. But there is a scenario where >>>> we cannot delete the tenant admin user. >>>> And my question here was, let say if this deleting process breaks at >>>> some point, then it will remain those tenant related(none deleted) data in >>>> the system. shouldn't this deletion process be atomic? >>>> >>>> Thank you >>>> >>>> On Mon, Feb 16, 2015 at 7:35 PM, Kishanthan Thangarajah < >>>> [email protected]> wrote: >>>> >>>>> Shouldn't calling delete user API will internally delete all (roles, >>>>> permissions) data associated with that user? >>>>> >>>>> On Fri, Feb 13, 2015 at 11:01 AM, Shashika Karunatilaka < >>>>> [email protected]> wrote: >>>>> >>>>>> HI all, >>>>>> >>>>>> When adding tenant it creates some of DB level operations >>>>>> sequentially >>>>>> as an *example*, >>>>>> In tenant creation it creates a user, creates user roles, add >>>>>> permissions to the roles and so on >>>>>> when deleting there are few options >>>>>> >>>>>> 1. Delete the role permissions for the user role, delete user >>>>>> roles for the user finally delete the user >>>>>> 2. Delete all the users, roles, role permissions data associated >>>>>> to that tenant >>>>>> >>>>>> what would be the best approach? >>>>>> >>>>>> Thank you >>>>>> >>>>>> -- >>>>>> Shashika Prabath Karunatilaka, >>>>>> Software Engineer, >>>>>> WSO2, Inc: http://wso2.com/ >>>>>> mobile : +94 77 7487792 >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Kishanthan Thangarajah* >>>>> Senior Software Engineer, >>>>> Platform Technologies Team, >>>>> WSO2, Inc. >>>>> lean.enterprise.middleware >>>>> >>>>> Mobile - +94773426635 >>>>> Blog - *http://kishanthan.wordpress.com >>>>> <http://kishanthan.wordpress.com>* >>>>> Twitter - *http://twitter.com/kishanthan >>>>> <http://twitter.com/kishanthan>* >>>>> >>>> >>>> >>>> >>>> -- >>>> Shashika Prabath Karunatilaka, >>>> Software Engineer, >>>> WSO2, Inc: http://wso2.com/ >>>> mobile : +94 77 7487792 >>>> >>> >>> >>> >>> -- >>> *Kishanthan Thangarajah* >>> Senior Software Engineer, >>> Platform Technologies Team, >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - +94773426635 >>> Blog - *http://kishanthan.wordpress.com >>> <http://kishanthan.wordpress.com>* >>> Twitter - *http://twitter.com/kishanthan >>> <http://twitter.com/kishanthan>* >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Thanks & Regards, >> >> *Johann Dilantha Nallathamby* >> Associate Technical Lead & Product Lead of WSO2 Identity Server >> Integration Technologies Team >> WSO2, Inc. >> lean.enterprise.middleware >> >> Mobile - *+94777776950* >> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >> > > > > -- > Shashika Prabath Karunatilaka, > Software Engineer, > WSO2, Inc: http://wso2.com/ > mobile : +94 77 7487792 > -- Thanks & Regards, *Johann Dilantha Nallathamby* Associate Technical Lead & Product Lead of WSO2 Identity Server Integration Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
