[aerogear-dev] [Unified Push Server] Roles structure & password management

Matthias Wessendorf matzew at apache.org
Thu Sep 12 07:51:41 EDT 2013


On Wed, Sep 4, 2013 at 4:34 PM, Sebastien Blanc <scm.blanc at gmail.com> wrote:

> Hi,
> Start point is this jira https://issues.jboss.org/browse/AGPUSH-282 for
> allowing the creation of additional users/developers.
> In the current situation we have just one role: "developer", so the
> first question is:
>
> - Should a user with the role "developer" be able to create another user?
>

not sure an ordinary should be able to create other users


> - Should we introduce an "admin" role that can manage users (create, reset
> password, delete)?
>

+1 on that


> - A mix of permissions? (a developer can create other users but not
> remove them nor reset (except its own) password)
>

not sure on mixing. Do you have something concrete in mind?

I think it would be good if a 'developer' could be promoted to become an
'admin' (to give an example);



>
> From there the second question regarding password management:
> In the current situation, our default user (called "admin", yeah a bit
> confusing :) ) has a temporary password that must be changed the first time
> he logs in.
>
>  - Do we want to keep this?
>  - Shall we move to a script that creates a user(s)?
>

yeah, we have also a bug for removing what we currently have and replacing
it with something more powerful:
https://issues.jboss.org/browse/AGPUSH-223



>
> - When we add a user through the admin UI, should we provide a password or
> should it be generated and changed on first login?
>

I like the idea from Bruno of sending an email, containing a URL for
changing the password;


>
> In other words, I think we must concretely spec out the user management
> for the UPS and we could use this thread to discuss that!
>

That would be great!





-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf