[OPENIDM-14495] Support Delegated admin privileges with DS as a repo - ForgeRock JIRA

Details

Type: Story
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 7.0.0
Component/s: Module - Repository DS
Labels:
- LEWIS

Target Version/s:

7.0.0
Verified Version/s:

7.0.0
Story Points:
8
Sprint:
2020.06 - IDM, 2020.07 - IDM, 2020.08 - IDM, 2020.09 - IDM, 2020.10 - IDM
Epic Link:
DS as a shared repo

Description

Currently it is not possible to use delegated admin with DS as a repo. The missing functionality is the ability to cull the repo response data to only return data the user has a privilege for. With the reference link work in ~~OPENIDM-14434~~ it will be possible to filter on referenced vetex data, so the filters in the PrivilegeContext can be translated to a rest2ldap queryfilter to only return data available to the authorized user.

An example usecase for delegated admin is documented here this can be used when testing this functionality with ds as a repo.

Acceptance Crtieria

The data returned by the repo is only data the authorized user has access too.
The delegated admin functional tests all pass for ds as a repo

Attachments

Issue Links

depends on

OPENIDM-14434 Support DS reference and reverse reference types for IDM default objects

Closed

is related to

OPENIDM-12805 Allow target-vertex field filtering on edge-vertex relationship query with embedded DJ

Closed

Activity

People

Assignee:

Katie Gonzalez

Reporter:

Jason Lemay

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

18/Mar/20 8:55 PM

Updated:

19/Aug/20 8:17 PM

Resolved:

30/Jul/20 9:57 PM