Overview:
The CAMIS application is used to administer account access to both
CAMIS (internal app)
eMER (external app)
Account Types:
Access to CAMIS is provided by selecting “User Admin” from the “Admin” menu.
See also: (link to instructions to instructions for creating a CAMIS user account) → need to create this doc
See also: Create 2FA admin account for CAMIS
When CAMIS development or acceptance is refreshed without refreshing the 2FA database:
If the 2FA database is not refreshed at the same time as CAMIS:
The 2FA database only contains data for CAMIS user accounts if 2FA admin access was added to the account.
Adding 2FA admin access to a CAMIS user account is done manually.
For CAMIS user accounts having 2FA admin access the TWOFA_USERID_LBL in CAMIS table AA008_APPLICATION_USER and the GLOBAL_USERID_LBL TWOFA table AC040 will be out of sync.
This will prevent the account from working properly. For example the user can login to CAMIS but won’t be able to generate new activation codes for CAME Admin and CAME Associate Admin accounts.
Updating the TWOFA_USERID_LBL in AA008_APPLICATION_USER has to be done by a DBA on acceptance.
The trigger on the TWOFA_USERID_LBL has to be temporarily disabled and then re-enabled.
Access to eMER is provided by creating a CAME Admin or a CAME Associate Admin account.
* Such an account can only be created by a user having a CAMIS account with 2FA admin access.
See also: Creating a CAME profile
See also: Creating a CAME Associate Admin Profile
When CAMIS development or acceptance is refreshed from production, without refreshing the corresponding 2FA database:
The 2FA database will not contain data corresponding to CAME Admin/CAME Associate Admin that did not previously exist on the environment (development or acceptance) that the production CAMIS data is being refreshed to.
workaround: insert the corresponding data into AC040_STAKEHOLDER and AC044_EXTERNAL_STAKEHOLDER.
the TWOFA_USERID_LBL in CAMIS table AA008_APPLICATION_USER and the GLOBAL_USERID_LBL TWOFA table AC040 will be out of sync.
Updating the GLOBAL_USERID_LBL in AC040_STAKEHOLDER has to be done by a DBA on acceptance.
The trigger on the GLOBAL_USERID_LBL has to be temporarily disabled and then re-enabled.
Developer/business test accounts on production:
Developer accounts are not permitted to appear in the CAME Admin or CAME Associate Admin drop-down lists on production.
on production, data for development accounts is only in the 2FA database. There are no records in the
CAMIS database.
See also: Developer access to eMER on PROD
When CAMIS development or acceptance is refreshed from production, without refreshing the corresponding 2FA database:
if the developer /test business accounts are left as is:
account does not appear in CAME Admin/CAME Associate Admin drop-down
account won’t be connected to existing GC-Key.
these accounts can be “upgraded” to full eMER accounts that are connected to the original GC-Key by inserting the appropriated data into the following tables:
Reconstructing the accounts is time consuming (RPA might be a possibility to help with this ? have not investigated yet, since this is a new process).
Re-importing a backup of the existing account data could potentially break referential integrity in some parts of the application.
In short-term future, it may be more efficient to set the accounts that need to be “brought back” to deleted, and then re-create from scratch. Will do a test to see if such an account could be linked to existing GC-Key.
Main tables:
Table | Description |
---|---|
AC040_STAKEHOLDER | Contains the main record for Internal admin accounts having 2FA Admin access and eMER accounts external stakeholder (eMER) accounts have |
AC043_INTERNAL_STAKEHOLDER | Holds a record related to the one in AC040_STAKEHOLDER for users with 2FA Admin access. |
AC044_INTERNAL_STAKEHOLDER | Holds a record related to the one in AC040_STAKEHOLDER for users with 2FA Admin access. |
AC002_XREF_APPLICATION_USER | -Application access - |
AC003_LOGIN_ATTEMPT |
Recommendation:
based on the experience with the recent refresh of the CAMIS db (only) from production to acceptance, my recommendation would be to refresh both databases from prod to the target environment being refreshed (acceptance / development) at the same time in the future, as it will be less work for all involved.
The 2FA and CAMIS databases will be in sync.
TWOFA_USERID_LBL in CAMIS table AA008_APPLICATION_USER and the GLOBAL_USERID_LBLwill be in sync for CAMIS User accounts (Internal), as well as for CAME Admin and CAME Associate Admin accounts.
We won’t have to prepare a script to update those codes.
On acceptance, this would eliminate the need to have the dba temporarily disable the trigger, run the script and then re-enable the trigger.
Because members of the development teams do not have full eMER accounts on production, those accounts still need to be re-established per the notes I provided in the “Developer account section” of this document.
0 Comments