In the IT world, an Identity and Access Management (IAM) group is primarily a management convenience to manage the same set of permissions for a set of IAM users. We can create groups where we define a set of permissions or roles. With that, we can assign users to groups. We can also define which groups can manage a given resource. This is pretty straightforward, so let’s see how it worked in the Netgrif Application Engine and what the new solution looks like.

The old way - Neo4j graph database

The deprecated solution was using a graph database called Neo4j that was primarily implemented for enterprise solutions. The groups were stored as nodes of the graph and it was connected to our backend using Java objects and Spring beans. We had a class Group and a class Member (this represented the users in the groups). However, we wanted to implement a better, more Petriflow-full solution and then we got the idea: implement a solution called Group as a process!

The new way - Petriflow solution (Group as a process)

The new implementation of organization groups is using a Petriflow process model. This process represents the management of one group. 

This kind of solution enables us to manage the whole group management using Petriflow language and Netgrif Application Engine without any further customization or custom implementation of group management. Simple, when we want to create a group for a set of users, we just instantiate this process via creating a case and that’s it, the new group is done! We can check the case and tasks of a group as we are used to with usual cases in NAE. Each case of this process represents one group and the tasks of the case can be used for the management of that group. 

The owner of the group can add and remove users, can edit the group information or just check the information about the group. 

There are a few default groups in the system: a system group, that all of the users are part of and there is a default group created for each user during the registration process. These groups then can be displayed as usual cases and they are stored in MongoDB, so there is no need to use Neo4j anymore.