I'm a programmer who is about to release an intranet site where apprentices can rate their educators and vice versa. Currently the system is working as planned, however HR wants some way to verify that the users are OK with their ratings. If not, they should be able to unlock their ratings so that the other person has to re-do the rating.
Unfortunately, HR also wants to reduce the amount of logins that these users have to endure. In the worst case scenario, users have to:
Log in to rate the educator/apprentice
Log in to unlock the rating
Log in to rate the educator/apprentice again
And so on...
The user who fills the rating has to be user A, while the user who unlocks or confirms the rating has to be user B. User A can also unlock the rating if they have a correction.
This process has to be done twice - once for the educator, once for the apprentice.
There is usually only one workstation present (factory environment).
Possible solution:
My suggestion is a kind of meeting workflow. One user logs in, clicks a button in the appraisal and the workflow starts. The other user is prompted to log in. This starts a kind of "double session" with both users logged in at the same time. This is a way to verify that both of them are present in a meeting.
This process could be used for multiple ratings at the same time, guiding the users through the process one by one.
HR wants both of them to meet and discuss their ratings.
Are there any security and/or best practice concerns that I should be aware of? The system has to be ready on the first of August, so I'm really hoping to solve this issue as easily as possible. Are there better ways to do this?
It turns out that my idea of logging in two users at the same time wasn't so bad. At first, a regular user logs in and launches the meeting mode. In order to verify that the other user is present, this second user logs in. Both user's data is now stored in the session and the meeting workflow launches, guiding both of them through their appraisals. When the last appraisal is finished, the second user is logged out.
This question is solved.
Related
How to restrict access to salesforce application for the time users are on leave on basis of Leave start and end date?
Freeze user on leave start date and then unfreeze on leave end date ?
Any other automation approach ?
What exactly you want to achieve? Nightly batch job that does either of these should be enough? Not sure if you can do time-basrd workflows/processes on users.
You can (de)activate them although it's bit of a nuclear option. Other users might be impacted when they work with deactivated users' data, "operation was performed with inactive user" error.
You can (un)freeze manually or by modifying UserLogin table, each user will have 1 record in it. https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_objects_userlogin.htm
If you want them to be able to log in but do limited set of things - you could look at your sharing rules and temp change their role/group/whatever. Or change profile to read-only. Or unassign a permission set.
Then there are more sophisticated things like maybe disabling their SSO, having a login flow that checks something on user record, checking up addresses (like allow login only from office network, not from home). You could look into "high assurance sessions", multi factor authentication (take their work phone or RSA device when they go on holidays?) or there's interesting trailhead about detecting / preventing suspicious activity. https://trailhead.salesforce.com/content/learn/modules/enhanced_transaction_security and https://trailhead.salesforce.com/en/content/learn/modules/event_monitoring
Without any particular reason, user permissions on Reports disappear and we are going through them one by one to re establish user access. We have no idea how this happens. The problem appears on a random number of users. It is the second time it happens in the last 12 months.
I am afraid that is all the details i have on the problem.
I am going to schedule a back up job for dbo.Policies, dbo.Users,dbo.Roles and dbo.Catalog to avoid the manual user permission restore, but i would really appreciate if anyone has some explanation about this.
EDIT: we have users coming from 2 domains. The problem occurs on users coming from one domain. Users from the other domain remain intact
I have a billing system project where i have a user accounts database with tables that stores user debt,transactions,statistics etc.
Now besides the normal user accounts i need to have another type of account which is temporary and only required as long as user is considered using provided services until he billed and account is closed.
The first thought was to create a new user for each new service sale/use but it seem that i will end up with thousands accounts pretty soon.
The second approach would have an temporary account pool. The system would generate a new account when no free temporary account exists or assign one from the pool when required.
So basically this temporary accounts will identify an actual person and his transactions for a limited time.
Any ideas for the best practices in my situation?
I think you are going to want to have a new account for each person simply so that you have a paper trail. I'm assuming there is going to be some kind of charge against this account. What happens when the charge is contested and you've deleted the information about the user? You will, at the very least, need to archive these records some place.
However, if you insist on having a temporary account, you could us a "real" account record and mark it as temporary and then run a cleanup routine periodically that deletes temporary accounts that are no longer in use.
Would it be possible to build a Ticketmaster style ticket reservation system by storing all information in a Cassandra cluster?
The system needs to be able to
1. Display the correct number of tickets available at one time
2. Temporarily reserve a ticket while the customer is making the purchase
3. No two users can ever buy the same ticket.
For consistency all reads and writes should be made at quorum. I'm not sure how to implement steps 2 or 3?
Yes, you can.
However, there will be some transactions where you want strict consistency. For example, consistency does not matter when the user is browsing the site and adding tickets to their shopping cart, but when they checkout and select a specific seat number on a specific day consistency matters a great deal (double bookings being a bad thing, especially for high interest events).
So, you could implement 99% of the functionality in an eventually consistent database and implement the checkout process in a consistent database. This is also nice because you can scale 99% of your system that likely gets >70% of the load horizontally and across multiple data centers. Just keep in mind that you will have to deal with the scenario of your site being up but your checkout process being down (ex., an error dialog at checkout asking them to wait/retry and giving them a promo code for their troubles).
The last detail is that you will need to update your eventually consistent database's "number of available tickets" after someone checks out. The good news is that this can be done lazily - queue up that job and do it whenever your system has some spare cycles. It certainly never has to happen in the critical path of the user's checkout process.
I'm developing an app that has to get some information from various sources (APIs and RSS) and display it to the user in near real-time.
What's the best way to get it:
1.Have a cron job to update them all accounts every 12h, and when a user is requesting one, update that account, save it to the DB and show it to the user?
2.Have a cron job to update them all accounts every 6h, and when a user is requesting one, update the account and showing it to the user without saving it to the DB?
What's the best way to get it? What's faster? And what's the most scallable?
12h or 6h, you have to do the math your self, you are the only one to know how many sources, how is your app hosted, what bandwidth you have....
Have a look at http://developmentseed.org/portfolio/managing-news it is drupal based and does what you need (and much more). You can either use it or diving in the code and see how it is done.