[aerogear-dev] [Unified Push Server] Roles structure & password management
Sebastien Blanc
scm.blanc at gmail.com
Wed Sep 4 10:34:40 EDT 2013
Hi,
Start point is this jira https://issues.jboss.org/browse/AGPUSH-282 for
allowing the creation of additional users/developers.
In the current situation we have just one role : "developer" , so the first
question is :
- Should a user with the role "developer" be able to create another user ?
- Should we introduce a "admin" role that can manage users (create, reset
password, delete) ?
- A mix of permissions ? (a developer can create other users but not remove
them nor reset (except its own) password )
>From there the second question regarding password management :
In the current situation, our default user (called "admin" , yeah a bit
confusing :) ) has a temporary password that must be changed the first time
he logs in.
- Do we want to keep this ?
- Shall we move to a script that creates a user(s) ?
- When we add a user through the admin UI, should we provide a password or
should it be generated and changed on first login ?
In other words, I think we must concretely spec out the user management for
the UPS and we could use this thread to discuss that !
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130904/9ffbd01f/attachment.html
More information about the aerogear-dev
mailing list