* Piotr Strzyzewski via db-wg
> Look at this page
>
https://www.ripe.net/manage-ips-and-asns/db/numbered-work-items> and start new NWI.
Thanks for the pointer!
Chairs (cc-ed), could we have an NWI for this?
Rough problem statement for the kickstart phase follows:
There is currently no way to automatically sync the «auth: SSO
x@y»
attributes for a maintainer object with the list of (non-billing) users
associated with an LIR.
This leads to duplication of work (adding/removing newly hired/departed
LIR administrators in two places).
Additionally, this increases the risk of unauthorised access, e.g., if an
administrator has left an LIR but was only removed from the LIR portal,
he might inappropriately retain access to manage database objects for the
LIR in question.
It is therefore desirable to have a method to protect RIPE database
objects so that they can be maintained by the list of (non-billing)
user accounts currently associated with a specific LIR at any given
time. That is, when a RIPE NCC Access account is removed from the LIR's
user list, the database maintainer access should be automatically
revoked for that account as well.
Tore