Task #611
closed
Enable change password and role requests for subordinates
100%
Description
Enable change password for subordinates, when manager has permission to it (IDENTITY_PASSWORDCHANGE).
Enable create role requests for subordinates, when manager has permission to it (IDENTITY_EDIT).
Updated by Radek Tomiška almost 7 years ago
- Subject changed from Enable change password for subordinates to Enable change password and role requests for subordinates
- Description updated (diff)
- Status changed from New to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
I've enabled change password and create role request for manager with permissions above.
Could you pls do a test and feedback pls?
Updated by Vít Švanda almost 7 years ago
- Status changed from Needs feedback to Closed
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
Works and looks awesome
Updated by Jan Helbich almost 7 years ago
- % Done changed from 100 to 90
I doubt that setting IDENTITY_EDIT (with subordinates evaluator) is the correct solution for this task as it enables the manager to edit the whole identity and its EAV attributes.
Why don't we just use the "Role requests" agenda permissions?
Updated by Radek Tomiška almost 7 years ago
- % Done changed from 90 to 100
Role request agenda doesn't support authorization policies now, so this is not possible. We talk about it before with Vitek and this will be solved in #418.
Now is behavior as you says. Manager gain access to edit identity with assign role included.