Introduce Access History for Group/Role Access Requests #304
+357
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…equest flow Display a user’s current and past access history to the requested group on the access request review page. Show both direct and role-based access, with clear indication of access method and duration. Add a section suggesting alternative role-based access if the user does not already have access via a role, encouraging best practices for access management. Always show both “Current Access” and “Past Access” tables, even if empty, for reviewer clarity. Rationale: This gives approvers full context on whether a user is requesting new access, renewing, or already has access (directly or via a role), and encourages granting access via roles for better maintainability, auditability, and least privilege.
…uests
Refactored UserAccessHistory to a generalized AccessHistory component that adapts to both user-group and role-group contexts.
Accepts subjectType ('user' or 'role'), subjectName, groupName, and auditHistory props.
Dynamically updates headings, summary, and info messages based on context.
Ensures no “User” language appears in role requests, and vice versa.
Updated role request flow to use role-group audit history (useGetGroupRoleAudits with role_id and group_id), fixing the issue where role access history was not shown.
Updated AccessHistoryTable to accept both OktaUserGroupMember[] and RoleGroupMap[] for flexible audit display.
Standardized info/empty state cards and made access history and alternative role suggestion cards collapsible for a cleaner UI.
Removed the old UserAccessHistory file and updated all imports/usages to use the new AccessHistory component.
Improved type safety and maintainability by unifying logic and reducing duplication.
Remove usage of secondary color
Remove unnecessary files
somethingnew2-0
previously approved these changes
Jun 30, 2025
Include <hr /> to break up Current / Past sections Co-authored-by: Peter C <somethingnew2-0@users.noreply.github.com>
|
|
somethingnew2-0
approved these changes
Jul 1, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5BB6
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This PR introduces a comprehensive access history feature for access requests by implementing user access history, role/group access history.
Problem
Previously, reviewers had no visibility into whether a user or role had current or prior access to a group. This made it difficult to enforce least privilege and avoid redundant direct access.
Solution
Examples
Group Request
User has no previous access
Role request
Role has no current access/membership in group, but previously did