You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Angela Schreiber (Jira)" <ji...@apache.org> on 2022/06/10 12:49:00 UTC

[jira] [Created] (OAK-9799) Optional validator to mark external users/groups as protected

Angela Schreiber created OAK-9799:
-------------------------------------

             Summary: Optional validator to mark external users/groups as protected
                 Key: OAK-9799
                 URL: https://issues.apache.org/jira/browse/OAK-9799
             Project: Jackrabbit Oak
          Issue Type: Improvement
          Components: auth-external
            Reporter: Angela Schreiber
            Assignee: Angela Schreiber


when synchronizing external identities into the oak repository the users/groups are marked with a rep:externalId property but are otherwise accessible through the repository's user management API.
today this means that synced external identities can be modified like local users/groups if the editing session has sufficient permission to do so.

the aim of the improvement request is to optionally mark synced identities as 'protected' which would only allow system internal tasks (i.e. update upon re-sync) to write those external users/groups but prevent updates of properties or member information through regular JCR sessions. to discuss if removal of these external users should still be permitted.

cc: [~insuafer] as we discussed this improvement in a private conversation.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)