Add ability to remove permissions from "abandoned" shared drives
Description
Shared drives with no managers with @cam.ac.uk should not be left using our tenancy space. We should have the ability to remove (and record) the permissions on a shared drive so that the users lose access. They can then shout if they need it (and have permissions restored), otherwise (after an unspecified period) we can delete the drive.
Further details
We currently aren't exposing the augmented permissions (additional permissions on files within a shared drive different from the shared drive permissions themselves). We need to add these to the cache file and expose in the reporting.
We can then use this data when removing the permissions.
As the targeted shared drives don't have @cam.ac.uk managers, we will need to add a management account to the shared drive to be able to scan it.
Task list
- Retrieve augmented permissions on files in shared drives when scanning them and show these augmented permissions in the shared drive report
- Add a management user to shared drives when no manager could be used for scanning
- Include createdTime and orgUnitId in shared drive report for additional report usage
- Add ability to remove shared drive permissions (initially just a single drive) and record these for latest restoration if needed.
Acceptance criteria
-
All shared drive permissions are shown in reports -
A shared drive can have its permissions completely removed -
A shared drive, having had its permissions removed, can have its permissions restored