Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-5714

Add support for more granular delegation privileges

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 11.0.2, 12.0.0
    • Fix Version/s: None
    • Component/s: delegation
    • Labels:

      Description

      Currently, OpenAM lets you assign privilege as follows :
      1. login to admin console
      2. click a realm from [Access Control] tab
      3. click [Subjects] -> [Group] -> click "New..." and create a group
      4. click [Privileges] tab and you will see newly created group. Click that group and assign privileges.

      When you give privilege "Read and write access to all realm and policy properties", then that subject would get all access to realm and policies. Unfortunately, you cannot limit the privilege to just managing subjects, but not auth chains. This RFE is to enhance OpenAM to have more fine grained privilege.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              sachiko Sachiko Wallace
            • Votes:
              9 Vote for this issue
              Watchers:
              21 Start watching this issue

              Dates

              • Created:
                Updated: