Testing default user groups with role assignments always requires synchronization with IAM after a change. Testing default user groups therefore becomes a time-consuming activity for our developpers.
We would like to have an option for the developer to test default user groups from within the SF without synchronization to IAM.
For example, if the developer could select a set of default user groups within the SF and use them to carry out the tests via IAM, this would save a lot of time.
Perhaps, the possibility to synchronize only the changes made in default user groups and role assignments to IAM separately from other model changes could be an alternative that saves time.
Yes please
Since it is possible to pre-define usergroups from the SF, this would be very helpful in testing the actual allowed capabilities of the group members.
We definitely see the value in being able to simulate a combination of roles from the Software Factory. Technically, this is quite challenging, however.
When the model is synchronized from the Software Factory to the Intelligent Application Manager, the model is not simply copied 1-to-1.
The model in the Software Factory is optimized for development. Information is not duplicated and conflicting information is automatically resolved using priority hierarchies. For instance, when you turn off the editability of a table, you won't get an error that one of the columns is still editable or that a role allows editing of this table. Turning it off will simply ‘overrule’ the column- and role setting in practice.
While this makes life easier for developers, this behavior also requires a bit of calculation. For instance, to determine whether or not you can view and edit a variant column when starting the application via the Software Factory, the Software Factory needs to perform (something like) the following calculations:
This is quite calculation-intensive and would not fly in a production environment. So, when synchronizing to IAM a lot of pre-calculations and duplications of information are applied:
This ensures that, when starting from IAM, loading the model for a variant grid column can be done really fast. It only consists of the following kinds of checks:
Furthermore, this is then cached by IAM in a way that the runtime components can reuse these calculations for other users with the same set of roles.
This very different nature of data structures in IAM and the Software Factory makes it difficult to deliver on an idea like this one without resulting in unacceptable performance issues or a very restrictive and unintuitive development experience.
We will look into this further - perhaps a redesign of the data structures for roles or calculation and normalization during generation for role-combination simulation may offer some solutions.