RE_Documents/RE_Extracted_From_Proposal_Key_Info.md


Key Information Extracted from BPM Proposal Document

Relevant to Streamlined Approvals Project


What We Learned from the Proposal

1 Technology Stack Mentioned

Frontend:    Next.js
Backend:     Node.js (with MongoDB compatibility mentioned)
Database:    MongoDB / PostgreSQL (both mentioned)
Auth:        Active Directory (AD) via SSO
Email:       SMTP integration for automated emails
API Gateway: Node.js
Web Server:  Apache (mentioned in proposal)

⚠️ Conflicts with SRS:

  • SRS says: React.js + PostgreSQL
  • Proposal says: Next.js + MongoDB

Decision needed before starting development!


2 SSO & Authentication Approach

From the proposal (line 268):

"Design a secure login page, which allow user to redirect to AD, System user login through AD"

What this tells us:

  • SSO integration with Active Directory is confirmed
  • Users will be redirected to AD for authentication
  • No separate user/password management needed
  • ⚠️ We need AD integration documentation and test credentials

Implementation Pattern:

User → Workflow Portal → Redirect to AD SSO → Authenticate → 
Return JWT Token → Access Portal with Token

3 Email Notification System

The proposal mentions extensive email automation:

| Email Type | Trigger | Mentioned In |
|---|---|---|
| Acknowledgement Email | After form submission | Line 83-87 |
| Opportunity Email | When vacancy available | Line 98-107 |
| Reminder Emails | At D+2, D+5 for pending tasks | Line 115-116 |
| Approval Notification | When request needs action | Line 257-259 |
| Status Update Emails | On approval/rejection | Throughout |

Email Infrastructure Needed:

  • SMTP server configuration
  • Email templates (HTML)
  • Automated cron jobs for reminders
  • Sender email address (e.g., workflow-noreply@royalenfield.com)

⚠️ For Streamlined Approvals:

  • SRS says "optional email integration"
  • Proposal assumes email is REQUIRED
  • Decision needed: Is email mandatory or optional?

4 Active Directory Integration

For User Search & @Tagging:

The proposal mentions:

  • User registration with role assignment (lines 270-282)
  • Multiple user roles managed in the system
  • Integration with AD for authentication

What we need:

  • AD LDAP endpoint or Microsoft Graph API access
  • Service account credentials for querying AD
  • User attributes available: Name, Email, Employee ID, Department, Designation, Manager
  • Sample AD user object structure

Use Cases:

  1. @Tagging approvers during workflow creation
  2. @Mentioning users in Work Notes
  3. Adding spectators to requests
  4. User search across organization

5 Role-Based Access Control (RBAC)

Roles mentioned in proposal (for Dealer Onboarding):

  • Admin ID
  • DD Lead (Dealer Development Lead)
  • IT Team
  • ZM DD (Zonal Manager - Dealer Development)
  • RBM (Regional Business Manager)
  • ZBH (Zonal Business Head)
  • NBH (National Business Head)

For Streamlined Approvals (Non-Templatized):

  • Initiator
  • Approver (multi-level, up to 10)
  • Final Approver
  • Spectator
  • Admin (implied but not explicitly defined in SRS)

Questions:

  • Is there a Super Admin role?
  • Can Admin view/modify any request?
  • How are roles assigned - from AD or application?

6 File Upload & Document Management

From Proposal:

  • File upload functionality required
  • Support for multiple file types
  • Document storage and retrieval
  • Document version management mentioned

From SRS (Streamlined Approvals):

  • Max file size: 10MB per file
  • Supported formats: PDF, Word, Excel, PPT, Images
  • Preview for PDF and images
  • Download for other formats
  • Google Docs/Sheets links allowed
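The SRS limits above can be enforced server-side before a file reaches storage. This is an added example, not code from the proposal or SRS; it assumes "10MB" means 10 MiB, that "Images" means PNG and JPEG, and the function and table names are hypothetical.

```javascript
// Added example: validate an upload against the SRS limits (size, type, content).
const MAX_BYTES = 10 * 1024 * 1024; // SRS: 10MB per file (read as MiB; assumption)

// Leading bytes per container type. A ZIP header only proves "ZIP container",
// not a well-formed Office file, so treat this as a first gate, not a scanner.
const SIGNATURES = {
  pdf: Buffer.from('%PDF-'),
  zip: Buffer.from([0x50, 0x4b, 0x03, 0x04]),                         // docx/xlsx/pptx
  ole: Buffer.from([0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1]), // doc/xls/ppt
  png: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]),
  jpg: Buffer.from([0xff, 0xd8, 0xff]),
};

// Map (not a plain object) so names like "constructor" cannot match inherited keys.
const EXT_TO_KIND = new Map([
  ['pdf', 'pdf'], ['docx', 'zip'], ['xlsx', 'zip'], ['pptx', 'zip'],
  ['doc', 'ole'], ['xls', 'ole'], ['ppt', 'ole'],
  ['png', 'png'], ['jpg', 'jpg'], ['jpeg', 'jpg'],
]);

function validateUpload(filename, buf) {
  if (!Buffer.isBuffer(buf) || buf.length === 0) return { ok: false, reason: 'empty' };
  if (buf.length > MAX_BYTES) return { ok: false, reason: 'too-large' };

  // Drop any client-supplied path and require "<name>.<ext>" without control characters.
  const base = String(filename).split(/[\\/]/).pop();
  const m = /^[^\x00-\x1f]+\.([A-Za-z0-9]+)$/.exec(base);
  if (!m) return { ok: false, reason: 'bad-name' };

  // Only the final extension counts, so "report.pdf.exe" is judged as "exe".
  const ext = m[1].toLowerCase();
  const kind = EXT_TO_KIND.get(ext);
  if (!kind) return { ok: false, reason: 'unsupported-type' };

  // The declared extension must agree with the file's actual leading bytes.
  const sig = SIGNATURES[kind];
  if (!buf.subarray(0, sig.length).equals(sig)) return { ok: false, reason: 'content-mismatch' };

  return { ok: true, ext, kind, displayName: base };
}
```

Store the object under a server-generated key and keep `displayName` only as metadata, so a client-chosen name never becomes a storage path.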

Storage Recommendation:

  • Use Google Cloud Storage (GCS) for file storage
  • Store file metadata in PostgreSQL
  • Generate signed URLs for secure access
  • Implement file retention policy

7 Approval Workflow Pattern

From Proposal (Dealer Resignation/Termination):

Lines 203-209:

Approval workflow:
- Level 1: Zonal Business Head (ZBH)
- Level 2: Dealer Development Lead (DD Lead)
- Level 3: National Business Head (NBH)

If rejected at any level → Request goes back to previous level
Email notification sent to responsible person

This matches Streamlined Approvals approach:

  • Multi-level approval hierarchy
  • Sequential approval (level by level)
  • Rejection sends back to previous level
  • Email notifications at each stage
  • TAT tracking per level
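The sequential rule above, with the authorization check that keeps spectators, initiators and out-of-turn approvers from acting, as an added example (not code from the proposal or SRS). The function names, status strings, the handling of a rejection at level 1 and the initiator/approver separation are assumptions.

```javascript
// Added example: sequential approval chain enforced on the server.
const MAX_LEVELS = 10; // SRS: multi-level approval, up to 10

function createRequest(initiator, approvers) {
  if (!Array.isArray(approvers) || approvers.length < 1 || approvers.length > MAX_LEVELS)
    throw new RangeError(`approver chain must have 1..${MAX_LEVELS} levels`);
  // Assumption (not stated on the page): an initiator may not approve their own request.
  if (approvers.includes(initiator))
    throw new Error('initiator cannot be an approver');
  return { initiator, approvers: [...approvers], level: 0, status: 'PENDING', history: [] };
}

function act(req, user, action, at = new Date().toISOString()) {
  if (req.status !== 'PENDING') throw new Error(`request is ${req.status}`);

  // Authorization: only the approver assigned to the current level may act.
  // The caller's identity must come from the verified session, never the request body.
  if (req.approvers[req.level] !== user) throw new Error('not the current approver');

  const from = req.level;
  if (action === 'approve') {
    if (from === req.approvers.length - 1) req.status = 'APPROVED'; // final approver
    else req.level = from + 1;
  } else if (action === 'reject') {
    // Page rule: rejection sends the request back to the previous level.
    // Assumption: a level-1 rejection returns it to the initiator.
    if (from === 0) req.status = 'RETURNED_TO_INITIATOR';
    else req.level = from - 1;
  } else {
    throw new Error(`unknown action: ${action}`);
  }

  // Append-only audit trail; levels are recorded 1-based as in the proposal.
  req.history.push({ user, action, level: from + 1, at });
  return req;
}
```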

8 Automated Reminders & TAT Management

From Proposal:

Lines 257-259:

Automated Email Reminders:
- Configure reminders for pending tasks
- Mail templates configured
- Cron jobs configured

Lines 115-116:

Automate Notifications for Incomplete Responses:
- Email reminders at D+2 and D+5 days

This aligns with SRS TAT tracking:

  • Automated reminders at TAT thresholds (50%, 80%, 100%)
  • Color-coded TAT status (Green/Yellow/Red)
  • System-generated alerts
  • Cron jobs for scheduled reminders

9 Security Measures

From Proposal (lines 465-474):

| Security Feature | Description |
|---|---|
| SSL Certificate | All APIs secured with wildcard SSL |
| JWT Tokens | JWT and JWE for API security |
| Rate Limiting | Minimize automated attack harm |
| SQL Injection Protection | App secured from DB injection |
| XSS Protection | Clickjacking, XSS, MIME-Sniffing protection |
| Security Headers | All security headers enabled |
| Session Management | Secure, built-in session manager |
| Token Invalidation | JWT tokens invalidated after logout |

All of these should be implemented in Streamlined Approvals!
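A signed JWT stays valid until its `exp` unless the server tracks revocation, so "invalidated after logout" needs server-side state. This added example (not the proposal's code) shows one way with Node's built-in `crypto`: HS256 tokens carrying a `jti`, plus an in-memory denylist. The key, the denylist and all function names are assumptions, and JWE is not covered.

```javascript
// Added example: HS256 JWT verification with logout invalidation via a jti denylist.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // constructed key; use a managed secret in practice
const revoked = new Map();             // jti -> exp (hypothetical in-memory denylist)
const nowSec = () => Math.floor(Date.now() / 1000);
const b64u = (data) => Buffer.from(data).toString('base64url');
const parse = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

function issueToken(sub, ttlSeconds, now = nowSec()) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub, jti: crypto.randomUUID(), iat: now, exp: now + ttlSeconds }));
  return `${head}.${body}.${b64u(mac(`${head}.${body}`))}`;
}

function verifyToken(token, now = nowSec()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let claims;
  try {
    // Pin the algorithm server-side; a token must never choose its own (e.g. "none").
    if (parse(head)?.alg !== 'HS256') return { ok: false, reason: 'bad-alg' };
    const given = Buffer.from(sig, 'base64url');
    const expected = mac(`${head}.${body}`);
    // Constant-time comparison; claims are parsed only after the signature checks out.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
      return { ok: false, reason: 'bad-signature' };
    claims = parse(body);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (typeof claims?.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  if (typeof claims.jti !== 'string' || revoked.has(claims.jti)) return { ok: false, reason: 'revoked' };
  return { ok: true, claims };
}

// Logout: deny the token's jti until its natural expiry, then let the entry age out.
function logout(token, now = nowSec()) {
  const res = verifyToken(token, now);
  if (res.ok) revoked.set(res.claims.jti, res.claims.exp);
  for (const [jti, exp] of revoked) if (exp <= now) revoked.delete(jti);
  return res.ok;
}
```

With more than one API instance the denylist has to live in a shared store; short token lifetimes keep it small.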


10 Testing Approach

From Proposal (lines 475-485):

Testing Types:
✅ Functionality Testing
✅ Usability Testing
✅ Compatibility Testing
✅ Interface Testing
✅ Performance Testing (Basic)
✅ Security Testing (Basic)
✅ UAT Support
✅ 2 weeks post-launch monitoring

This should be our testing roadmap too!


11 Communication & Governance

From Proposal (lines 603-618):

| Meeting | Frequency | Duration | Attendees |
|---|---|---|---|
| Daily Scrum | Daily | 10 mins | Dev Team, PM |
| Weekly Review | Weekly | 30 mins | Team Heads, PM, Client |
| Monthly Governance | Monthly | 60 mins | PM, Client, PO, SPOC |

This cadence should be followed for Streamlined Approvals project


12 Infrastructure Specifications

From SRS:

Environment:    QA / Testing
VMs:            1
CPU:            4-Core
Memory:         16 GB
Disk:           500 GB
OS:             Ubuntu 24.04 LTS
Storage:        Cloud (GCS)

Backup:

  • Daily incremental backups
  • Weekly full backups
  • Restore time: < 2 hours

13 Project Methodology

From Proposal: Waterfall Approach

Phases:

  1. Scope and plan project
  2. Gather and document requirements
  3. Design application
  4. Develop application and perform unit tests
  5. Conduct system testing
  6. Perform UAT
  7. Fix application as appropriate
  8. Deploy application

⚠️ Note: Waterfall is mentioned, but Agile/Scrum might be better for:

  • Non-templatized workflows (requirements may evolve)
  • Faster feedback cycles
  • Incremental delivery

Recommendation: Hybrid approach

  • Waterfall for overall phases
  • Agile sprints within development phase

14 Client Responsibilities

From Proposal (lines 554-569) - What RE Must Provide:

  • Designate a project coordinator
  • Provide business logic and rules
  • Timely responses (within 3 days for queries, demos, UAT)
  • Change control approval (within 7 days)
  • Provide hosting server
  • Provide software licenses (if any)
  • Make server available with required environment
  • Support coordination with third parties (e.g., SSO, AD, payment gateways)

These are CRITICAL dependencies!


15 Assumptions from Proposal

Important assumptions (lines 533-543):

  1. RE will provide SAP APIs (if needed)
  2. RE will provide accurate information
  3. RE will approve and review on time
  4. RE will complete UAT before handover
  5. Development team will have full access to RE personnel and documentation
  6. RE will provide needed documentation
  7. Technical/organizational changes communicated 1 week in advance
  8. ⚠️ HA (High Availability) architecture assumed for business-critical apps

16 Out of Scope (From Proposal)

What is NOT included (lines 544-553):

  • Any module not mentioned in scope
  • Third-party integrations not listed
  • On-premises system configuration
  • Data cleansing and validation
  • Purchase of 3rd party licenses
  • Data creation
  • Data migration to new application
  • Any requirement not in scope document

For Streamlined Approvals, this means:

  • SAP integration (not needed)
  • DMS integration (not needed)
  • Data migration from old systems (if any)
  • Integration with other RE systems (unless specified)

🎯 Critical Takeaways for Streamlined Approvals

What's Confirmed:

  1. SSO/AD authentication is required, and a proven approach exists
  2. Email notifications are expected (not optional)
  3. Multi-level approval workflow pattern is validated
  4. Security measures are well-defined
  5. Testing approach is comprehensive
  6. Infrastructure specs are clear (1 VM, Ubuntu 24.04, 4-Core, 16GB)
  7. Communication cadence is defined

⚠️ What Needs Clarification:

  1. Frontend: React.js (SRS) vs Next.js (Proposal) ← MUST DECIDE
  2. Database: PostgreSQL (SRS) vs MongoDB (Proposal) ← MUST DECIDE
  3. BPM Platform: Use Camunda/Newgen or build custom? ← MUST DECIDE
  4. Email service: Is it mandatory or optional? ← MUST CLARIFY
  5. AI service: Which provider for conclusion remarks? ← MUST DECIDE
  6. Admin role: What are admin privileges? ← MUST DEFINE

🚨 Blockers if Not Resolved:

  1. No SSO documentation → Cannot implement login
  2. No AD access method → Cannot implement @tagging
  3. No test users → Cannot test workflows
  4. No database credentials → Cannot persist data
  5. No email SMTP config → Cannot send notifications
  6. Tech stack not finalized → Cannot start development

📋 Action Items Summary

Week 1 (CRITICAL):

  • Schedule kickoff meeting with RE stakeholders
  • Get decision on: React vs Next.js
  • Get decision on: PostgreSQL vs MongoDB
  • Get decision on: BPM platform vs Custom
  • Obtain SSO integration documentation
  • Obtain AD integration method
  • Get 10-15 test user accounts
  • Receive database connection credentials
  • Set up Git repository

Week 2 (HIGH PRIORITY):

  • Confirm email service requirement (mandatory or optional?)
  • Obtain SMTP credentials if email is required
  • Select AI service provider (OpenAI/Azure/Gemini)
  • Get GCP project access and VM details
  • Obtain domain name and SSL certificate
  • Finalize role definitions (especially Admin role)
  • Set up development environment
  • Begin database schema design

Week 3 (MEDIUM PRIORITY):

  • Create architecture document
  • Design API endpoints
  • Create email template designs
  • Set up CI/CD pipeline
  • Prepare test data and scenarios
  • Identify UAT participants
  • Begin sprint planning

📞 Who to Contact for What

| Dependency | Contact Role | Purpose |
|---|---|---|
| SSO Integration | IT Infrastructure Team | Documentation + test environment |
| AD Integration | Directory Services Team | LDAP access + service account |
| Database | Database Admin | Credentials + provisioning |
| Email SMTP | IT Operations | SMTP config + approval |
| GCP Infrastructure | Cloud Admin | VM access + GCS bucket |
| AI Service | Product Owner + Legal | Selection + data privacy |
| Test Users | HR/IT | User accounts with roles |
| Figma Designs | UX/UI Designer | Developer handoff access |
| Domain/SSL | Network Admin | DNS + certificate |
| Security Review | InfoSec Team | Security requirements |

Document Created: October 17, 2025
Source Documents:

  • streamlined_approvals.md (SRS)
  • Royal Enfield Proposal 1.06.txt (BPM Proposal)

Status: Ready for Review
Next Step: Present in kickoff meeting and get decisions on all conflicts