You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Angela Schreiber (Jira)" <ji...@apache.org> on 2022/06/27 14:17:00 UTC

[jira] [Resolved] (OAK-9799) Optional validator to mark external users/groups as protected

     [ https://issues.apache.org/jira/browse/OAK-9799?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Angela Schreiber resolved OAK-9799.
-----------------------------------
    Resolution: Fixed

> Optional validator to mark external users/groups as protected
> -------------------------------------------------------------
>
>                 Key: OAK-9799
>                 URL: https://issues.apache.org/jira/browse/OAK-9799
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: auth-external
>            Reporter: Angela Schreiber
>            Assignee: Angela Schreiber
>            Priority: Major
>             Fix For: 1.44.0
>
>
> when synchronizing external identities into the oak repository the users/groups are marked with a rep:externalId property but are otherwise accessible through the repository's user management API.
> today this means that synced external identities can be modified like local users/groups if the editing session has sufficient permission to do so.
> the aim of the improvement request is to optionally mark synced identities as 'protected' which would only allow system internal tasks (i.e. update upon re-sync) to write those external users/groups but prevent updates of properties or member information through regular JCR sessions. to discuss if removal of these external users should still be permitted.
> cc: [~insuafer] as we discussed this improvement in a private conversation.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)