jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Markus Joschko (JIRA)" <j...@apache.org>
Subject [jira] [Created] (JCR-3010) Introduce new default group whose members can add contribute members to the userAdmin group
Date Mon, 04 Jul 2011 07:58:21 GMT
Introduce new default group whose members can add contribute members to the userAdmin group
-------------------------------------------------------------------------------------------

                 Key: JCR-3010
                 URL: https://issues.apache.org/jira/browse/JCR-3010
             Project: Jackrabbit Content Repository
          Issue Type: New Feature
          Components: jackrabbit-core
            Reporter: Markus Joschko
            Priority: Minor


There is a check in the UserAccessControlProvider that effectively forbids everyone but the
admin to add users to the UserAdmin Group. 
This makes delegated administration of users where the admin user is not available to the
"application administrators" impossible.
As it is a security risk to allow every member of the group-admin group access to the user-admin
group, I'd like to ask to either allow members of the administrator group to add user to that
group or
 to add an additional group user-group-assignee-group (maybe with a better name) with that
right.

460                     /*
461                     below group-tree:
462                     - test if the user is group-administrator.
463                     - make sure group-admin cannot modify user-admin or administrators
464                     - ... and cannot remove itself.
465                     */

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message