...
- Job information is updated in the institution's HR system. The employee's job is given an end date (** should the architecture consider support for future end-dating of affiliations? **)
- An institutionally defined process invokes Person Registration and Update either via REST API call (synchronous method) or by placing a Person Update message in the Person Update queue (asynchronous method). The payload of this message contains the end-date job as well as the source system identifier for the employee.
- Person Registration will invoke Person Search service to find the proper person for this update, based on the source system identifier supplied.
- Person Registration will update the job information in the Master Person Store.
- Person Registration will invoke Group Update through a REST API (synchronous method) or by placing a Person Update message in the Person Update queue (asynchronous method).
- Groups Service will evaluate dynamic group memberships for the employee, removing them from groups relating to the former job.
- Groups Service will invoke Provisioning Service via REST API (synchronous method) or by placing a Group Update message in the Group Update queue (asynchronous method).
- Provisioning Service will dynamically deprovision services relating to the former job
Scenario Background #1#2:
An existing employee's job has ended and there is a need to revoke access immediately.
...