0

With Event Sourcing, everything is traceble to the very beginning, so also user creation. In our system we do user creation and admin stuff over a public API. We have a (quite common) security rule: Only Admin users may delete users and give privileges to other users, i.e. to make them Admin.

In case of ES, how would you provision the system right after clean install? This can be the case when doing sandboxed integration tests.

Sorry for this rather philosophical question :)

Pepster
  • 1,996
  • 1
  • 24
  • 41

2 Answers2

0

Who gives root access to root?

An event sourced system with no events is in its initial state, which is not necessarily a null state.

VoiceOfUnreason
  • 52,766
  • 5
  • 49
  • 91
  • Typically you need to provide such credentials during installation. If I look at other services, like mysql for example, I see you need to provide a ROOT password during startup. Something like that can be bootstrapped during startup but sound like a security issue. – Pepster Jun 23 '16 at 15:30
0

Are you saying you need a default admin account in order to create other accounts? If so, just run a script that creates a default admin as part of the deployment / provisioning process

[UPDATE]

You can insert an event in EventStore via HTTP http://docs.geteventstore.com/http-api/3.7.0/writing-to-a-stream

tomliversidge
  • 2,339
  • 1
  • 15
  • 15
  • So the script needs to tap in some other domain logic, since the normal domain will check if the creating user has permission to create a user. – Pepster Jul 07 '16 at 12:04
  • @Pepster yes I would bypass the normal domain checking code and probably just directly add an admin in the database – tomliversidge Jul 07 '16 at 12:17
  • With ES, you need to have an event for it, and then view tables who can update accordingly. I wonder if that can be done by just a script. – Pepster Jul 07 '16 at 12:55
  • You can just poke in an event either over HTTP or one of the clients – tomliversidge Jul 07 '16 at 13:07