Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-14788

Improve performance of openidm-authorized role.

    Details

    • Target Version/s:
    • Verified Version/s:
    • Story Points:
      2

      Description

      IDM's default authorization model (access rules) require an openidm-authorized role for enduser access to profile and self-service endpoints. There are four ways to accomplish this:

      1. Include an authzRoles relationship to the openidm-authorized role in the create request
      2. Use an onCreate script on the managed/user to auto-add this relationship
      3. Define defaultUserRoles in authentication.json to include the openidm-authorized role.
      4. Use virtual property calculation in concert with an onStore script to add the openidm-authorized role to whatever roles are directly or conditionally granted.

      Presently, IDM implements option #2 which has unnecessary cost in both storage of the relationship and execution time in validating the relationship and persistence. Research alternatives (#3 and #4 are particularly interesting) and compare performance.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                brmiller Brendan Miller
                Reporter:
                brmiller Brendan Miller
                QA Assignee:
                Jon Branch
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: