You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2016/07/13 09:51:20 UTC
[jira] [Comment Edited] (QPID-7340) Implement purge user function
[ https://issues.apache.org/jira/browse/QPID-7340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373148#comment-15373148 ]
Keith Wall edited comment on QPID-7340 at 7/13/16 9:51 AM:
-----------------------------------------------------------
I think the most appropriate ACL rule we have at the moment is guard the operation with a METHOD "purgeUser" check. The permission could be given to someone in the identity maintainer role. (With latest ACL work, the access check is automatic, but will require a change to the LegacyAccessControlAdapter to convert into an old-style rule).
was (Author: k-wall):
I think the most appropriate ACL rule we have at the moment is guard the operation with a METHOD "purgeUser" check. The permission could be given to someone in the identity maintainer role.
> Implement purge user function
> ------------------------------
>
> Key: QPID-7340
> URL: https://issues.apache.org/jira/browse/QPID-7340
> Project: Qpid
> Issue Type: New Feature
> Components: Java Broker
> Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
>
> When a human user leaves an organisation, it is normally desirable to remove the records that belong to that user. Implement an operation to allow a named user to be removed. This could be hooked to to an organisation's 'leavers-feed'.
> This operation should remove:
> * preferences
> * for authentication providers that manage their own database, the user's password entry
> * for group providers that manage their own database, remove the user from any groups
> What ACL permission should protect this operation?
> What if a Virtualhost is offline at the time the operation is invoked?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org