Idea #10511
Updated by Peter Amstutz about 6 years ago
Currently, the user permission for the container created to satisfy a container request is determined by @modified_by_uuid@. If a user submits a container request, which is then touched by an admin user, the container may run as admin and not the intended user. In addition, this complicates auditing, if @modified_by_uuid@ is changed for any other reason, we lose a record of who submitted the container. Introduce a @created_by_uuid@ field to the container request that is set when the record is created and used to determine what user to run the container as. In addition, it is difficult to determine what user was used to run the underlying container records. This information technically exists by following auth_uuid to the token record, and then getting the user associated with the token, however this information that is not available to non-admin users, and expired tokens may be deleted at any time by the system. * Introduce a @created_by_uuid@ @user_uuid@ field to the container request that which is set when the record is created and used to determine what user to run the container as. * Introduce a @user_uuid@ field to the container that records the user uuid that the container ran as.