Task #820
closed
Manually delete accounts in protected state
Added by Marcel Poul about 7 years ago.
Updated about 7 years ago.
Category:
Account managment
Description
CzechIdM should support manual deletion of objects on connected system (e.g. user account) even though they are in protected state.
- Related to Task #824: Security for AccAccount added
- Status changed from New to Needs feedback
- % Done changed from 0 to 20
I've added attributes 'inProtection' and 'endOfProtection' to account detail and their are editable now. Delete account in protected state is possible now:
- change 'inProtection' and 'endOfProtection' attributes
- then delete account.
It's little complicated, i know (two steps), but on the other side, removing accounts by bulk operation directly from table could be dangerous.
Is this behavior acceptable? Could be tested on develop.
Note: We added authorization policies support to account agenda (#824) and we are able to set base permissions for accounts => update accounts permission should have only 'account admin'.
Nice work
removing accounts by bulk operation directly from table could be dangerous
I think it is always dangerous, no matter how do you delete account it. On the first look I would prefer easiest way by bulk action or a delete button. In that case, you can popup red warning for the admin. We can discuss tomorrow.
- Category changed from Feedback to Account managment
- Status changed from Needs feedback to In Progress
- Assignee changed from Marcel Poul to Vít Švanda
- Target version set to Forsterite (7.6.0)
Manual delete of unprotected account on the protected system was changed.
- Now will be the account marked as the protected. All connected relations (identity-accounts) will be deleted (until the last one).
- I had to transformed AccAccountService for uses the events.
I have to create some tests and modify the documentation yet.
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 20 to 80
- Tests created
- Documentation completed.
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Ondřej Kopr
- % Done changed from 80 to 90
- Status changed from Needs feedback to Resolved
- Assignee changed from Ondřej Kopr to Radek Tomiška
- % Done changed from 90 to 100
I did feedback, set "Protected until" works as you describe, it is necessary to set it in past (set null not enough, null value = protection forever), attribute inProtection is readonly, manualy remove accounts works awesome, thank you for this feature.
- Status changed from Resolved to Closed
Also available in: Atom
PDF
