Re: [Dev] Deleting tenant related data from the DB level
Can you please clarify, what is the requirement here ? As I can see you are trying to break tenant deletion into several methods. If DB transactions are not handled properly this will lead to inconsistent state. Currently we rely on cascade delete functionality of the database and that will make sure all the data is wiped out without leaving data in inconsistent state. Only for LDAP you have to separately delete the OUs which contain users and groups. Deleting tenant admin is also not something we support right now under the assumption we cannot change tenant admin once a tenant has been created. On Wed, Feb 18, 2015 at 12:31 PM, Kishanthan Thangarajah kishant...@wso2.com wrote: For scenarios like above (delete tenant admin user) which we cannot use the APIs, use the hard delete approach. On Tue, Feb 17, 2015 at 10:06 AM, Shashika Karunatilaka shashi...@wso2.com wrote: HI Kishanthan, Yes, calling delete user API will internally delete all(roles, permissions) data associated with that user. But there is a scenario where we cannot delete the tenant admin user. And my question here was, let say if this deleting process breaks at some point, then it will remain those tenant related(none deleted) data in the system. shouldn't this deletion process be atomic? Thank you On Mon, Feb 16, 2015 at 7:35 PM, Kishanthan Thangarajah kishant...@wso2.com wrote: Shouldn't calling delete user API will internally delete all (roles, permissions) data associated with that user? On Fri, Feb 13, 2015 at 11:01 AM, Shashika Karunatilaka shashi...@wso2.com wrote: HI all, When adding tenant it creates some of DB level operations sequentially as an *example*, In tenant creation it creates a user, creates user roles, add permissions to the roles and so on when deleting there are few options 1. Delete the role permissions for the user role, delete user roles for the user finally delete the user 2. Delete all the users, roles, role permissions data associated to that tenant what would be the best approach? Thank you -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan http://twitter.com/kishanthan* -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan http://twitter.com/kishanthan* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Thanks Regards, *Johann Dilantha Nallathamby* Associate Technical Lead Product Lead of WSO2 Identity Server Integration Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+9476950* Blog - *http://nallaa.wordpress.com http://nallaa.wordpress.com* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Deleting tenant related data from the DB level
HI Johan, Requirement here is to delete the tenant using API methods. Yes, to do that i'm breaking the tenant deletion in to several methods. Here I'm following the process of reverting the tenant creation. As steps I'm trying to remove all the user management related data and registry related data. To remove the user management data I'm deleting the users, user roles, user permissions so on. During this i encountered the above issue of deleting the tenant admin. Yes there is no way of deleting the tenant admin, here we trying to delete the admin user, its roles. directly calling the DB. Do you see any other better approach for this? Thank you. On Wed, Feb 18, 2015 at 1:33 PM, Johann Nallathamby joh...@wso2.com wrote: Can you please clarify, what is the requirement here ? As I can see you are trying to break tenant deletion into several methods. If DB transactions are not handled properly this will lead to inconsistent state. Currently we rely on cascade delete functionality of the database and that will make sure all the data is wiped out without leaving data in inconsistent state. Only for LDAP you have to separately delete the OUs which contain users and groups. Deleting tenant admin is also not something we support right now under the assumption we cannot change tenant admin once a tenant has been created. On Wed, Feb 18, 2015 at 12:31 PM, Kishanthan Thangarajah kishant...@wso2.com wrote: For scenarios like above (delete tenant admin user) which we cannot use the APIs, use the hard delete approach. On Tue, Feb 17, 2015 at 10:06 AM, Shashika Karunatilaka shashi...@wso2.com wrote: HI Kishanthan, Yes, calling delete user API will internally delete all(roles, permissions) data associated with that user. But there is a scenario where we cannot delete the tenant admin user. And my question here was, let say if this deleting process breaks at some point, then it will remain those tenant related(none deleted) data in the system. shouldn't this deletion process be atomic? Thank you On Mon, Feb 16, 2015 at 7:35 PM, Kishanthan Thangarajah kishant...@wso2.com wrote: Shouldn't calling delete user API will internally delete all (roles, permissions) data associated with that user? On Fri, Feb 13, 2015 at 11:01 AM, Shashika Karunatilaka shashi...@wso2.com wrote: HI all, When adding tenant it creates some of DB level operations sequentially as an *example*, In tenant creation it creates a user, creates user roles, add permissions to the roles and so on when deleting there are few options 1. Delete the role permissions for the user role, delete user roles for the user finally delete the user 2. Delete all the users, roles, role permissions data associated to that tenant what would be the best approach? Thank you -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan http://twitter.com/kishanthan* -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan http://twitter.com/kishanthan* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Thanks Regards, *Johann Dilantha Nallathamby* Associate Technical Lead Product Lead of WSO2 Identity Server Integration Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+9476950* Blog - *http://nallaa.wordpress.com http://nallaa.wordpress.com* -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Deleting tenant related data from the DB level
Deleting tenant using API methods is fine. My first thought was you only need to have following level of granularity. 1. Delete tenant entry from UM table which will cascade delete all other entries for that tenant ID. 2. Delete tenant entry from REG table which will cascade delete all other entries for that tenant ID in REG DB 3. Delete LDAP if needed. But if you say you are going to have separate APIs to delete all the users, all the roles, all the permissions, etc. that is also fine (can be considered an improvement). But you should make sure you are not leaving database in inconsistent state. And in this case you will encounter some options which you have stated in your first mail. So you need to decide which one you are going to choose. Then there is the problem with tenant admin, which you need to specifically handle. In the approach I suggested you won't encounter these options/problems because its all deleted in bulk in one transaction. So if you are going down this path please make sure above concern is addressed and what new APIs you are introducing. Also I am assuming you are adding all these APIs to user.core ? Regards, Johann. On Wed, Feb 18, 2015 at 2:03 PM, Shashika Karunatilaka shashi...@wso2.com wrote: HI Johan, Requirement here is to delete the tenant using API methods. Yes, to do that i'm breaking the tenant deletion in to several methods. Here I'm following the process of reverting the tenant creation. As steps I'm trying to remove all the user management related data and registry related data. To remove the user management data I'm deleting the users, user roles, user permissions so on. During this i encountered the above issue of deleting the tenant admin. Yes there is no way of deleting the tenant admin, here we trying to delete the admin user, its roles. directly calling the DB. Do you see any other better approach for this? Thank you. On Wed, Feb 18, 2015 at 1:33 PM, Johann Nallathamby joh...@wso2.com wrote: Can you please clarify, what is the requirement here ? As I can see you are trying to break tenant deletion into several methods. If DB transactions are not handled properly this will lead to inconsistent state. Currently we rely on cascade delete functionality of the database and that will make sure all the data is wiped out without leaving data in inconsistent state. Only for LDAP you have to separately delete the OUs which contain users and groups. Deleting tenant admin is also not something we support right now under the assumption we cannot change tenant admin once a tenant has been created. On Wed, Feb 18, 2015 at 12:31 PM, Kishanthan Thangarajah kishant...@wso2.com wrote: For scenarios like above (delete tenant admin user) which we cannot use the APIs, use the hard delete approach. On Tue, Feb 17, 2015 at 10:06 AM, Shashika Karunatilaka shashi...@wso2.com wrote: HI Kishanthan, Yes, calling delete user API will internally delete all(roles, permissions) data associated with that user. But there is a scenario where we cannot delete the tenant admin user. And my question here was, let say if this deleting process breaks at some point, then it will remain those tenant related(none deleted) data in the system. shouldn't this deletion process be atomic? Thank you On Mon, Feb 16, 2015 at 7:35 PM, Kishanthan Thangarajah kishant...@wso2.com wrote: Shouldn't calling delete user API will internally delete all (roles, permissions) data associated with that user? On Fri, Feb 13, 2015 at 11:01 AM, Shashika Karunatilaka shashi...@wso2.com wrote: HI all, When adding tenant it creates some of DB level operations sequentially as an *example*, In tenant creation it creates a user, creates user roles, add permissions to the roles and so on when deleting there are few options 1. Delete the role permissions for the user role, delete user roles for the user finally delete the user 2. Delete all the users, roles, role permissions data associated to that tenant what would be the best approach? Thank you -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan http://twitter.com/kishanthan* -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan http://twitter.com/kishanthan* ___ Dev mailing list
Re: [Dev] Deleting tenant related data from the DB level
For scenarios like above (delete tenant admin user) which we cannot use the APIs, use the hard delete approach. On Tue, Feb 17, 2015 at 10:06 AM, Shashika Karunatilaka shashi...@wso2.com wrote: HI Kishanthan, Yes, calling delete user API will internally delete all(roles, permissions) data associated with that user. But there is a scenario where we cannot delete the tenant admin user. And my question here was, let say if this deleting process breaks at some point, then it will remain those tenant related(none deleted) data in the system. shouldn't this deletion process be atomic? Thank you On Mon, Feb 16, 2015 at 7:35 PM, Kishanthan Thangarajah kishant...@wso2.com wrote: Shouldn't calling delete user API will internally delete all (roles, permissions) data associated with that user? On Fri, Feb 13, 2015 at 11:01 AM, Shashika Karunatilaka shashi...@wso2.com wrote: HI all, When adding tenant it creates some of DB level operations sequentially as an *example*, In tenant creation it creates a user, creates user roles, add permissions to the roles and so on when deleting there are few options 1. Delete the role permissions for the user role, delete user roles for the user finally delete the user 2. Delete all the users, roles, role permissions data associated to that tenant what would be the best approach? Thank you -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan http://twitter.com/kishanthan* -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan http://twitter.com/kishanthan* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Deleting tenant related data from the DB level
Shouldn't calling delete user API will internally delete all (roles, permissions) data associated with that user? On Fri, Feb 13, 2015 at 11:01 AM, Shashika Karunatilaka shashi...@wso2.com wrote: HI all, When adding tenant it creates some of DB level operations sequentially as an *example*, In tenant creation it creates a user, creates user roles, add permissions to the roles and so on when deleting there are few options 1. Delete the role permissions for the user role, delete user roles for the user finally delete the user 2. Delete all the users, roles, role permissions data associated to that tenant what would be the best approach? Thank you -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan http://twitter.com/kishanthan* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Deleting tenant related data from the DB level
HI Kishanthan, Yes, calling delete user API will internally delete all(roles, permissions) data associated with that user. But there is a scenario where we cannot delete the tenant admin user. And my question here was, let say if this deleting process breaks at some point, then it will remain those tenant related(none deleted) data in the system. shouldn't this deletion process be atomic? Thank you On Mon, Feb 16, 2015 at 7:35 PM, Kishanthan Thangarajah kishant...@wso2.com wrote: Shouldn't calling delete user API will internally delete all (roles, permissions) data associated with that user? On Fri, Feb 13, 2015 at 11:01 AM, Shashika Karunatilaka shashi...@wso2.com wrote: HI all, When adding tenant it creates some of DB level operations sequentially as an *example*, In tenant creation it creates a user, creates user roles, add permissions to the roles and so on when deleting there are few options 1. Delete the role permissions for the user role, delete user roles for the user finally delete the user 2. Delete all the users, roles, role permissions data associated to that tenant what would be the best approach? Thank you -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan http://twitter.com/kishanthan* -- Shashika Prabath Karunatilaka, Software Engineer, WSO2, Inc: http://wso2.com/ mobile : +94 77 7487792 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
