Access control, by gesture

Granting access used to take days. A drag-and-drop tool got it to under a minute: two colleges, two years stable.

Days per ticket to under a minute. Two colleges, two years stable.

Node.js · Express · MSSQL · Shibboleth · vanilla JS

A department head needs to grant a new admin access to one of about thirty internal apps. In the system she inherited, that means filing a ticket, waiting for a developer to RDP into a Windows box, edit a row in a spreadsheet kept beside a decade-old ColdFusion service [1], click a button, then email back to confirm. Multiple business days, every time, for a single line of permission.

The original maintainer had retired. Nobody on the team could read the ColdFusion. Audits were answered by hand from screenshots and memory.

Same task, two systems

[Figure: two timeline bars. Old workflow: ticket, email, RDP, edit row, confirm, reply (~ days). New workflow: drop (< 1 minute).]

Each segment in the top bar is a hand-off. The bottom bar is one person dragging a search result onto a role card.

The replacement is an Express service over the existing SQL tables, a vanilla-JS frontend, and Shibboleth at the Apache layer for identity. The whole UI is drag-and-drop: search a username, drop the result onto a role card, drop onto the trash icon to revoke. The schema stamps every grant with added_by and added_on, so the permission table doubles as the audit log. The next time the audit request landed, the answer was one query.
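A sketch of how a grant can be stamped so the permission table serves as the audit log, added here as an example and not taken from the project's code. Only added_by and added_on come from the page; the user_roles table, the username and role columns, the x-remote-user header and the role names are assumptions. It also assumes Apache strips any client-supplied copy of that header and that the Node port is reachable only from Apache.

```javascript
'use strict';
// Assumed names (hypothetical): user_roles table, username/role columns, the
// x-remote-user header, ROLES. Only added_by and added_on come from the page.
const INSERT_SQL =
  'INSERT INTO user_roles (username, role, added_by, added_on) ' +
  'VALUES (@username, @role, @added_by, SYSUTCDATETIME())';
const AUDIT_SQL =
  'SELECT username, role, added_by, added_on FROM user_roles ' +
  'WHERE role = @role ORDER BY added_on';

const ROLES = new Set(['app-admin', 'app-viewer']);
const USERNAME = /^[a-z][a-z0-9_.-]{1,31}$/;

// The actor is the identity Apache forwards after Shibboleth authentication.
// Anything other than one clean username is treated as unauthenticated.
function actorFrom(headers) {
  const v = headers['x-remote-user'];
  if (typeof v !== 'string' || !USERNAME.test(v)) {
    throw new Error('no authenticated identity');
  }
  return v;
}

// Builds the row for a grant; added_by and added_on are never read from the body.
function buildGrant(headers, body, now = new Date()) {
  const actor = actorFrom(headers);
  const { username, role } = body || {};
  if (typeof username !== 'string' || !USERNAME.test(username)) {
    throw new Error('bad username');
  }
  if (!ROLES.has(role)) throw new Error('unknown role');
  return { username, role, added_by: actor, added_on: now.toISOString() };
}

// In-memory stand-in for the table (INSERT_SQL is the parameterized equivalent).
function grant(table, headers, body, now) {
  const row = buildGrant(headers, body, now);
  if (table.some(r => r.username === row.username && r.role === row.role)) {
    throw new Error('already granted');
  }
  table.push(row);
  return row;
}

// What AUDIT_SQL returns: who holds a role, who granted it, and when.
function auditFor(table, role) {
  return table.filter(r => r.role === role)
    .sort((a, b) => a.added_on.localeCompare(b.added_on));
}
```

In the SQL form the database clock stamps added_on; the in-memory stand-in takes the time from the caller so the result is reproducible.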

Two business years on, granting or revoking access is under a minute. The ColdFusion is retired. Other Node services in the same colleges resolve identity through this database. Same codebase, no rewrites.

  1. The previous system was an Adobe ColdFusion application maintained by a developer who had retired before I joined. ColdFusion's last major release in the open is CF2023; the codebase in question predated it by roughly a decade. Replacement was a precondition for any new application that needed scoped permissions.