Task #405
closedDefault role and default permissions
0%
Description
When there is a "defaultRole" - there should also be some default values of permissions set on that role.
After upgrading online demo, there were not permissions for basic user role "userRole" - especially those needed for starting "Role change process". This change is incompatible with older versions of IdM!
Please set default permissions (to flyway scripts?) so the application works out of the box :-)
(+ documentation)
Related issues
Updated by Radek Tomiška about 7 years ago
- Precedes Task #375: Authorization Policies - roles and identities tabs added
Updated by Radek Tomiška about 7 years ago
- Category set to Authentication / Authorization
- Status changed from New to Rejected
Default role is defined in demo data - usage for development only => change script for demo data role will not be created. Documentation was improved, see policy examples and configure environment policies as needed:
Updated by Marcel Poul about 7 years ago
- Priority changed from High to Normal
My presumption about the default role was wrong then. Sorry for that.
But the consequence for CzechIdM UX is the same. You want to download application and start using it without too much configuration. So there should be "admin" user with , "superAdmin role" assigned - I think this is true this time :-D
But I think there should also be some default role for all users with default permission: primarily for reading its identity detail, applying for a role etc. and of course default evaluator?
So I would like to have at least this ticket reopen for further discussion, Thx
Updated by Radek Tomiška about 7 years ago
When new demo IdM is installed, then new demo default role is created with the same configuration as documentation says - this is still the same, so after demo instalation, no configuration is needed.
Change script in this ticket will solve "upgrading demo instalation" - and this is not needed.
I don't see any other issue to solve here.
Updated by Marcel Poul about 7 years ago
you are right and my mistake. I mixed the demo data with init data. So the only question is wheter we should create default role with default user privileges in initialization data.