Task #820
closed
Manually delete accounts in protected state
100%
Description
CzechIdM should support manual deletion of objects on connected system (e.g. user account) even though they are in protected state.
Related issues
Updated by Radek Tomiška about 7 years ago
- Related to Task #824: Security for AccAccount added
Updated by Radek Tomiška about 7 years ago
- Status changed from New to Needs feedback
- % Done changed from 0 to 20
- change 'inProtection' and 'endOfProtection' attributes
- then delete account.
It's little complicated, i know (two steps), but on the other side, removing accounts by bulk operation directly from table could be dangerous.
Is this behavior acceptable? Could be tested on develop.
Note: We added authorization policies support to account agenda (#824) and we are able to set base permissions for accounts => update accounts permission should have only 'account admin'.
Updated by Marcel Poul about 7 years ago
Nice work
removing accounts by bulk operation directly from table could be dangerous
I think it is always dangerous, no matter how do you delete account it. On the first look I would prefer easiest way by bulk action or a delete button. In that case, you can popup red warning for the admin. We can discuss tomorrow.
Updated by Vít Švanda about 7 years ago
- Category changed from Feedback to Account managment
- Status changed from Needs feedback to In Progress
- Assignee changed from Marcel Poul to Vít Švanda
- Target version set to Forsterite (7.6.0)
Manual delete of unprotected account on the protected system was changed.
- Now will be the account marked as the protected. All connected relations (identity-accounts) will be deleted (until the last one).
- I had to transformed AccAccountService for uses the events.
I have to create some tests and modify the documentation yet.
Updated by Vít Švanda about 7 years ago
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 20 to 80
- Tests created
- Documentation completed.
Updated by Radek Tomiška about 7 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Ondřej Kopr
- % Done changed from 80 to 90
I made attribute 'inProtection' to be read only. To delete account in protected state is posible to set end of protection dat to the past, documentation:
https://wiki.czechidm.com/devel/dev/account-management/protection-system
Could you do a feedback pls?
Updated by Ondřej Kopr about 7 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Ondřej Kopr to Radek Tomiška
- % Done changed from 90 to 100
I did feedback, set "Protected until" works as you describe, it is necessary to set it in past (set null not enough, null value = protection forever), attribute inProtection is readonly, manualy remove accounts works awesome, thank you for this feature.
Updated by Radek Tomiška about 7 years ago
- Status changed from Resolved to Closed