Security Rebuild Crons — business view

Technical trace: Security Cron Jobs

1. Business Summary

A background queue rebuilds row-level privilege records when entities are created/updated/deleted; supports retry, blacklist, and substitute attribution.

2. Business Value

Maintains the correctness of pre-computed security tables underlying RBAC.

3. Users / Stakeholders

System / administrators.

4. Workflows

  • Entity changes enqueue messages.
  • Background workers dequeue and rebuild grants.
  • On error, status flips to retry/error; retries follow configured intervals.

5. Sub-Features

  • Hard-coded blacklist of heavy items.
  • Substitute attribution captured.
  • Dedicated test runners.

6. Business Rules

  • Endpoint must be network-restricted (auth allowed at framework level).
  • Administrators bypass row-level checks.

7. Data Entities

Cron Job Queue, Security{Entity} and Security{Entity}User tables.

8. Entry Points

  • Security cron actions.

9. Inputs & Outputs

  • Inputs: queue messages.
  • Outputs: rebuilt security rows.

10. Integrations

  • AWS SQS / local queue.

11. Calculations / Logic

  • Path-traversal evaluation.

12. Status Lifecycle

  • Pending → success/error/retry/skipped.

13. Permissions

  • Service-level; framework-level auth bypass.

14. Reports & KPIs

  • Queue depth, error rate, retry counts.

15. Risks & Observations

  • Endpoint open if not network-restricted.
  • Hard-coded ID blacklist.
  • Recursion loops on cyclic relationships.

16. Source Code Evidence

  • app/Controller/SecurityCronJobsController.php, app/Controller/Component/SecuritySystemComponent.php.

← Deep dives index