Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-14788

Improve performance of openidm-authorized role.

    XMLWordPrintable

    Details

    • Target Version/s:
    • Verified Version/s:
    • Story Points:
      2

      Description

      IDM's default authorization model (access rules) require an openidm-authorized role for enduser access to profile and self-service endpoints. There are four ways to accomplish this:

      1. Include an authzRoles relationship to the openidm-authorized role in the create request
      2. Use an onCreate script on the managed/user to auto-add this relationship
      3. Define defaultUserRoles in authentication.json to include the openidm-authorized role.
      4. Use virtual property calculation in concert with an onStore script to add the openidm-authorized role to whatever roles are directly or conditionally granted.

      Presently, IDM implements option #2 which has unnecessary cost in both storage of the relationship and execution time in validating the relationship and persistence. Research alternatives (#3 and #4 are particularly interesting) and compare performance.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              brmiller Brendan Miller
              Reporter:
              brmiller Brendan Miller
              QA Assignee:
              Jon Branch Jon Branch
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: