Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-15295

Privilege filtering should consider default roles

    Details

    • Target Version/s:

      Description

      In 7.0, internal roles such as openidm-authorized and openidm-admin are no longer assigned via a relationship, but as "defaultUserRoles" in authentication.json.
      While that is a positive thing in terms of the economy of relationship objects, one side effect seems to be that privileges defined on those roles are not considered by the privilege evaluation logic.
      One workaround would be to actually create a (conditional) relationship to the role in question, but this defies the idea of saving on redundant relationship objects while still having something apply "to everyone" ootb, analogous to the Authenticated Users 'group' in AM.
      Supporting privileges for default roles appears to be a more elegant and consistent approach.

        Attachments

          Activity

            People

            • Assignee:
              brmiller Brendan Miller
              Reporter:
              tim.vogt Tim Vogt
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: