Currently it is not possible to use delegated admin with DS as a repo. The missing functionality is the ability to cull the repo response data to only return data the user has a privilege for. With the reference link work in
OPENIDM-14434 it will be possible to filter on referenced vetex data, so the filters in the PrivilegeContext can be translated to a rest2ldap queryfilter to only return data available to the authorized user.
An example usecase for delegated admin is documented here this can be used when testing this functionality with ds as a repo.
- The data returned by the repo is only data the authorized user has access too.
- The delegated admin functional tests all pass for ds as a repo