docs(07): capture phase context for user access audit
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
119
.planning/phases/07-user-access-audit/07-CONTEXT.md
Normal file
@@ -0,0 +1,119 @@
|
||||
# Phase 7: User Access Audit - Context
|
||||
|
||||
**Gathered:** 2026-04-07
|
||||
**Status:** Ready for planning
|
||||
|
||||
<domain>
|
||||
## Phase Boundary
|
||||
|
||||
Administrators can audit every permission a specific user holds across selected sites, distinguish access types (direct/group/inherited), and export results to CSV or HTML. The audit accepts multiple users via a tenant people picker and uses global site selection (Phase 6) with per-tab override.
|
||||
|
||||
Requirements: UACC-01, UACC-02
|
||||
|
||||
Success Criteria:
|
||||
1. A User Access Audit tab is accessible and accepts a user identifier and site selection as inputs
|
||||
2. Running the audit returns a list of all access entries the user holds across the selected sites
|
||||
3. Results distinguish between direct role assignments, SharePoint group memberships, and inherited access
|
||||
4. Results can be exported to CSV or HTML in the same format established by v1.0 export patterns
|
||||
|
||||
</domain>
|
||||
|
||||
<decisions>
|
||||
## Implementation Decisions
|
||||
|
||||
### User Identification Input
|
||||
- People picker powered by Microsoft Graph API to show autocomplete dropdown of tenant users
|
||||
- Supports selecting multiple users for batch audit
|
||||
- Site selection uses global sites (Phase 6) with per-tab override (same pattern as Permissions/Storage tabs)
|
||||
- Single "Run Audit" click scans all selected users across all selected sites in one operation
|
||||
|
||||
### Results Presentation
|
||||
- DataGrid with toggle to switch between group-by-user and group-by-site views
|
||||
- Essential columns only: User, Site, Object (list/folder), Permission Level, Access Type (Direct/Group/Inherited), Granted Through
|
||||
- Per-user summary banner above the detail grid showing: total accesses, sites count, high-privilege count
|
||||
- Search/filter TextBox to filter within audit results by any column
|
||||
- Column sorting on all columns
|
||||
|
||||
### Access Type Distinction
|
||||
- Both color-coded rows AND Access Type column with icons for maximum clarity
|
||||
- Direct assignments: distinct color tint + icon
|
||||
- Group memberships: distinct color tint + icon, plus group name in "Granted Through" column
|
||||
- Inherited access: distinct color tint + icon
|
||||
- High-privilege entries (Full Control, Site Collection Admin) flagged with a warning icon/bold styling
|
||||
- External/guest users (#EXT#) flagged with a guest badge/icon (reuse existing PermissionEntryHelper.IsExternalUser)
|
||||
|
||||
### Export Format — HTML
|
||||
- Full interactive HTML with collapsible groups, sortable columns, search filter, color coding (consistent with existing HTML exports)
|
||||
- Summary header section with per-user access counts and risk highlights
|
||||
- Both group-by-user and group-by-site views available in a single report via toggle/tab
|
||||
|
||||
### Export Format — CSV
|
||||
- One CSV file per audited user (separate files for sharing individual audit results)
|
||||
- Summary section included at top of each file (user, total accesses, sites count, high-privilege count)
|
||||
- Flat row structure with all essential columns
|
||||
|
||||
### Claude's Discretion
|
||||
- Exact color palette for access type row tinting (should be accessible and distinguishable)
|
||||
- Icon choices for Direct/Group/Inherited/Warning/External badges
|
||||
- Microsoft Graph API scope and authentication integration approach
|
||||
- Internal service architecture (new UserAccessAuditService vs extending PermissionsService)
|
||||
- DataGrid grouping implementation details (WPF CollectionViewSource or custom)
|
||||
- HTML report JavaScript implementation for toggle between views
|
||||
- Localization key names for new strings
|
||||
|
||||
</decisions>
|
||||
|
||||
<code_context>
|
||||
## Existing Code Insights
|
||||
|
||||
### Reusable Assets
|
||||
- `PermissionsService.ScanSiteAsync(ctx, options, progress, ct)` — scans all permissions on a site; audit can filter results by target user(s)
|
||||
- `PermissionEntry` record — 9-field flat record with ObjectType, Title, Url, Users, UserLogins, Type, PermissionLevels, GrantedThrough, HasUniquePermissions
|
||||
- `PermissionEntryHelper.IsExternalUser(loginName)` — detects #EXT# guest users
|
||||
- `PermissionEntryHelper.FilterPermissionLevels(levels)` — removes "Limited Access"
|
||||
- `CsvExportService.BuildCsv(entries)` — CSV generation with merge logic (pattern reference)
|
||||
- `HtmlExportService` — HTML report generation with embedded JS (pattern reference)
|
||||
- `SitePickerDialog` — reusable multi-site picker (already wired from toolbar in Phase 6)
|
||||
- `FeatureViewModelBase` — base class with GlobalSites property and OnGlobalSitesChanged hook
|
||||
- `SessionManager.GetOrCreateContextAsync(profile, ct)` — authenticated ClientContext provider
|
||||
- `WeakReferenceMessenger` — cross-VM messaging for progress updates
|
||||
|
||||
### Established Patterns
|
||||
- Tab ViewModel extends `FeatureViewModelBase` with `[ObservableProperty]` for bindable state
|
||||
- `RunOperationAsync` pattern for long-running operations with progress reporting
|
||||
- Export commands as `IAsyncRelayCommand` with `CanExport` predicate
|
||||
- Dialog factories as `Func<Window>?` set from code-behind
|
||||
- Localization via `TranslationSource.Instance["key"]` with Strings.resx / Strings.fr.resx
|
||||
- `_hasLocalSiteOverride` pattern for per-tab site override protection
|
||||
|
||||
### Integration Points
|
||||
- New tab in `MainWindow.xaml` TabControl
|
||||
- New `UserAccessAuditView.xaml` + `UserAccessAuditViewModel.cs` following existing tab pattern
|
||||
- New service for user-centric permission querying (filters PermissionEntry by user)
|
||||
- New export services for audit-specific CSV and HTML formats
|
||||
- DI registration in `App.xaml.cs` for new services and ViewModel
|
||||
- Localization keys in `Strings.resx` / `Strings.fr.resx` for audit tab UI
|
||||
|
||||
</code_context>
|
||||
|
||||
<specifics>
|
||||
## Specific Ideas
|
||||
|
||||
- The people picker should query Graph API as the admin types, with debounced autocomplete
|
||||
- Per-user summary should highlight if a user has Site Collection Admin access (highest risk)
|
||||
- The HTML report toggle between "by user" and "by site" should be a simple tab/button in the report header, not requiring page reload
|
||||
- CSV files should be named with the user's email for easy identification (e.g., `audit_alice@contoso.com_2026-04-07.csv`)
|
||||
|
||||
</specifics>
|
||||
|
||||
<deferred>
|
||||
## Deferred Ideas
|
||||
|
||||
None — discussion stayed within phase scope
|
||||
|
||||
</deferred>
|
||||
|
||||
---
|
||||
|
||||
*Phase: 07-user-access-audit*
|
||||
*Context gathered: 2026-04-07*
|
||||
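Review bot: The Integration Points entry "New service for user-centric permission querying (filters PermissionEntry by user)" and the `ScanSiteAsync` reuse note under Reusable Assets do not say what the filter matches on, so the audit can under-report. A user who reaches a site only through a directory security group or a tenant-wide claim may not appear in `Users`/`UserLogins` under their own login. State whether such principals are expanded or reported as unresolved, and define how Direct, Group and Inherited are derived from `Type`, `GrantedThrough` and `HasUniquePermissions`, since success criterion 3 depends on it. In the export sections and Specific Ideas, the CSV file name is built from the user's email and both exports carry tenant-controlled strings (group names, titles): specify file-name sanitisation (guest logins contain `#EXT#`), neutralising of CSV cells that begin with `=`, `+`, `-` or `@`, and HTML-encoding of every value written into the report. "Microsoft Graph API scope and authentication integration approach" is better recorded as an explicit decision naming the narrowest read-only scope the people picker needs than left under Claude's Discretion.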