[security-dev] deleting a partition

Pedro Igor Silva psilva at redhat.com
Fri Jun 14 14:58:00 EDT 2013 

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Pedro Igor Silva" <psilva at redhat.com>
> Cc: security-dev at lists.jboss.org
> Sent: Friday, June 14, 2013 3:29:06 PM
> Subject: Re: [security-dev] deleting a partition
> 
> 
> 
> On 6/14/2013 2:19 PM, Pedro Igor Silva wrote:
> > Ok, the reason is why this is a critical operation which involves removing
> > critical data. That said, I don't think we should do that, like I said,
> > "automatically".
> >
> 
> But again, you give no reason :)  Sure its critical data, but everything
> in the IDM is critical data.
> 

    I'm really trying to think in something else, with no success :).

    Maybe avoid mistakes and make sure the user knows what he is doing ? :) And considering that we provide a simple way to do that ...

> > You can always use the following construct to query all identity types:
> >
> > IdentityQuery<IdentityType> query =
> > identityManager.createIdentityQuery(IdentityType.class); // here we use
> > the base type to create the query
> >
> > query.setParameter(IdentityType.PARTITION, Realm.DEFAULT_REALM); // or
> > query.setParameter(IdentityType.PARTITION, "Another Partition")
> >
> > List<IdentityType> result = query.getResultList();
> >
> > for (IdentityType type: result) {
> >      // remove
> > }
> >
> 
> So, the above can be done at a higher level and not have to be done at
> each IdentityStore?  There's no potential for duplicate entries in a
> federated store?
> 

    Yes you can. U/R/G are unique for each Partition.

    Btw, just added a new test case for that.

        https://github.com/picketlink/picketlink/blob/master/modules/idm/tests/src/test/java/org/picketlink/test/idm/query/IdentityTypeQueryTestCase.java

> > I understand your point and it is valid. My opinion is just we should leave
> > that for users.
> >
> 
> Who is the user?  The admin UI on top of Picketlink IDM API?
> 

    Considering your usecase, yes.

> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>

More information about the security-dev mailing list