Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-15295

Privilege filtering should consider default roles

    XMLWordPrintable

    Details

    • Target Version/s:
    • Story Points:
      3

      Description

      In 7.0, internal roles such as openidm-authorized and openidm-admin are no longer assigned via a relationship, but as "defaultUserRoles" in authentication.json.
      While that is a positive thing in terms of the economy of relationship objects, one side effect seems to be that privileges defined on those roles are not considered by the privilege evaluation logic.
      One workaround would be to actually create a (conditional) relationship to the role in question, but this defies the idea of saving on redundant relationship objects while still having something apply "to everyone" ootb, analogous to the Authenticated Users 'group' in AM.
      Supporting privileges for default roles appears to be a more elegant and consistent approach.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            tim.vogt Tim Vogt
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: