Proposal: Add verification step in CDot admin panel to confirm changes
Problem
Based on the findings of https://gitlab.com/gitlab-org/fulfillment-meta/-/issues/1047#result, we know that 42% of email address changes on a Customer are done via the admin panel in CDot.
Given that this is quite a substantial share, we should put a guardrail in place that decreases the risk of updating the wrong Customer.
Updating the wrong Customer can have multiple negative consequences after the change (e.g. the wrong person can access the account and see sensitive data).
Related to https://gitlab.com/gitlab-org/fulfillment-meta/-/issues/1026
Proposal
We introduce a modal that requires confirmation on a customer detail change.
On this modal we show:
- Old information that gets updated
- New information that gets updated
- Confirmation button
- Cancel button
Once the confirmation button is clicked, the Customer gets updated.
Additionally, we can add a special log event, adding to the current log event in the History tab of the customer (e.g. verified = true/false):
update [last_name = Tes, updated_at = 2023-01-27 16:05:38 UTC, confirmed_at = 2023-01-27 16:05:36 UTC, skip_email_confirmation = true]
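One way to model the confirmation step and the verified log field described above, as an added Ruby example that is not CustomersDot code. The class, method and event names are hypothetical, and both the stale-record check and the logging of cancelled changes are assumptions that go beyond the proposal.

```ruby
require "digest"

# Hypothetical sketch: none of these names come from CustomersDot.
class PendingCustomerChange
  StaleRecord = Class.new(StandardError)

  attr_reader :diff

  # customer: Hash of current attributes; changes: Hash of submitted values.
  def initialize(customer, changes)
    @customer = customer
    # Only attributes whose value actually changes are shown on the modal.
    @diff = changes.each_with_object({}) do |(attr, new_value), out|
      old_value = customer[attr]
      out[attr] = { old: old_value, new: new_value } unless old_value == new_value
    end
    # Fingerprint of the "old" values the admin was shown.
    @shown = fingerprint
  end

  # Confirmation button: apply the change and log it as verified.
  def confirm!(history, now: Time.now.utc)
    # Assumption: refuse if the record changed after the modal was rendered.
    raise StaleRecord, "record changed since preview" unless fingerprint == @shown
    @diff.each { |attr, v| @customer[attr] = v[:new] }
    history << log_line("update", verified: true, at: now)
    @customer
  end

  # Cancel button: record untouched. Assumption: the attempt is still logged.
  def cancel!(history, now: Time.now.utc)
    history << log_line("update_cancelled", verified: false, at: now)
    @customer
  end

  private

  def fingerprint
    Digest::SHA256.hexdigest(@diff.keys.map { |a| [a, @customer[a]] }.inspect)
  end

  def log_line(event, verified:, at:)
    fields = @diff.map { |attr, v| "#{attr} = #{v[:new]}" }
    fields << "updated_at = #{at.strftime('%Y-%m-%d %H:%M:%S UTC')}" << "verified = #{verified}"
    "#{event} [#{fields.join(', ')}]"
  end
end
```

The `diff` hash holds the old and new values the modal would display, so the admin confirms exactly the attributes that are about to change.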
Result
We have a guardrail in place that confirms and manually validates that the right customer record gets updated.