Add "Shadow User" for Roles to improve Event security and behavior in OpCon
We experience pain in support and in the field because all OpCon events are tied to User Accounts. This causes problems when a User changes to another job and their privileges are decreased. Events start failing, and there is no way to resolve the problem except to delete the event and recreate it as an authorized user.
Also, today when we delete a user, we reset all the event ID's to ocadm, which solves one problem, but actually opens a security hole.
If we had a way to tie Events to Roles instead of individual users, this would solve many problems.
Create a "shadow user" for ever role in OpCon.
* This user would not be visible in user administration because it would be a locked down User Account used by the software only.
* This user would get created for each role, and deleted only when a role is deleted.
* In Event definition throughout the product, we would add a way to ask a user to choose a role to associate the event with.
** We would only present the us
Another option for this is to have a cross-reference dialog box appear where the customer can choose another user to replace the existing user with. The list would ideally only display other users with the appropriate privileges or the same role as the user being disabled or deleted.