Is your feature request related to a problem? Please describe.
In our db2 tenant-aware schemas, each tenant is granted one or more tenant keys to interact with their data.
However, we currently have no way to actually remove the old keys.
Describe the solution you'd like
Support deletion of old keys (probably via their id).
Describe alternatives you've considered
Support only a single key at a time (replace the old key when we generate a new one)
Acceptance Criteria
1. GIVEN a db2 schema
AND a tenant that has been onboarded and configured with a particular tenant key
WHEN the tenant key is deleted
THEN the tenant is no longer able to access the data
Additional context
robin's response to "how can you delete a key that you've lost/forgotten"?:
The simplest thing would be to delete all the rows from tenant_keys for a given tenant, then add a new key. Unless you know which key you want to remove, of course. Keys can be identified by their id, salt or hash, all of which are (very probably) unique.
We support adding new keys, which is particularly helpful if a key is lost (or was never written down during the initial provision).
https://github.com/IBM/FHIR/tree/master/fhir-persistence-schema#add-a-key-to-existing-tenant-db2-only
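A minimal model of the acceptance criterion and of the delete-all-then-add recovery path described above, as an added example that is not part of the original issue or the IBM FHIR code base. It uses an in-memory SQLite table in place of Db2; the column names, the salted SHA-256 hash and the function names are assumptions, since the issue names only the tenant_keys table and a key's id, salt and hash.

```python
import hashlib
import hmac
import secrets
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    # Assumed layout: the issue names only tenant_keys and a key's id, salt and hash.
    # AUTOINCREMENT keeps a deleted id from ever being handed out again.
    db.execute("CREATE TABLE tenant_keys (id INTEGER PRIMARY KEY AUTOINCREMENT, "
               "tenant TEXT NOT NULL, salt BLOB NOT NULL, hash BLOB NOT NULL)")
    return db

def _digest(salt, key):
    # Assumption: salted SHA-256; the issue does not say which hash the schema uses.
    return hashlib.sha256(salt + key.encode()).digest()

def add_key(db, tenant):
    """Issue a random key; only salt and hash are stored. Returns (id, key)."""
    key, salt = secrets.token_urlsafe(32), secrets.token_bytes(16)
    cur = db.execute("INSERT INTO tenant_keys (tenant, salt, hash) VALUES (?, ?, ?)",
                     (tenant, salt, _digest(salt, key)))
    return cur.lastrowid, key

def can_access(db, tenant, key):
    """True if the presented key matches any stored (salt, hash) row of the tenant."""
    rows = db.execute("SELECT salt, hash FROM tenant_keys WHERE tenant = ?", (tenant,))
    return any(hmac.compare_digest(_digest(salt, key), h) for salt, h in rows.fetchall())

def delete_key(db, tenant, key_id):
    """Revoke one key by id, scoped to its tenant. Returns the number of rows removed."""
    cur = db.execute("DELETE FROM tenant_keys WHERE tenant = ? AND id = ?", (tenant, key_id))
    return cur.rowcount

def replace_all_keys(db, tenant):
    """Lost-key path: drop every key of the tenant and issue a new one atomically."""
    with db:  # commits on success, rolls back on error
        db.execute("DELETE FROM tenant_keys WHERE tenant = ?", (tenant,))
        return add_key(db, tenant)

def demo():
    db = open_db()
    old_id, old_key = add_key(db, "tenant1")   # constructed tenant name
    _, new_key = add_key(db, "tenant1")
    before = can_access(db, "tenant1", old_key)
    delete_key(db, "tenant1", old_id)
    after = can_access(db, "tenant1", old_key)     # deleted key is rejected
    other = can_access(db, "tenant1", new_key)     # remaining key still works
    _, fresh = replace_all_keys(db, "tenant1")
    return (before, after, other,
            can_access(db, "tenant1", new_key), can_access(db, "tenant1", fresh))
```

Scoping the delete to both tenant and id means a mistyped id cannot revoke another tenant's key.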