Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-10321

Deprecate service mapping by userID

    XMLWordPrintableJSON

Details

    Description

      cziegeler, kpauls, for security reasons I would like to deprecate the old service user mapping by a single userID in favor of the new format that takes one or multiple principal names.
      The new format allows to keep service permissions limited to service-users as declared in the mapping and doesn't resolve declare or inherited group permissions. This gives full control over the effective permissions granted to each service and doesn't risk unrelated permission changes (e.g. to a base group like 'everyone') impacting service security.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. SLING-10324 ServiceUserMapper documentation is incomplete

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              angela Angela Schreiber
              angela Angela Schreiber
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m