Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-42465

Add user.view.any permission to allow global user lookups for webservices

    Details

    • Type: Task
    • Status: RESOLVED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 20.0
    • Component/s: None
    • Labels:
      None
    • Test Plan:
      Hide

      Please add a Test Plan here.

      Show
      Please add a Test Plan here.

      Description

      This adds a new user.view.any permission to support the use-case for a webservice account to be able to look up user information through the /direct/user endpoint, without the account needing to be admin-equivalent.

      This can be achieved at a global level by setting the server configuration property entity.users.viewall=true, but that applies to all users. The user.view.any permission can be set for a specific account or group of accounts by creating a special account type (e.g. "webservice"), creating a user template role (e.g. !user.template.webservice), and then setting the permission for the .auth role in the template realm.

        Gliffy Diagrams

          Zeplin

            Attachments

              Activity

                People

                Assignee:
                smarquard Stephen Marquard
                Reporter:
                smarquard Stephen Marquard
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Git Integration