The goal of this document is to describe how User Management will be implemented in the Unified Push Server. Currently, only one user is created by default when installing UPS. The ability to create multiple users is a "Must Have" and should be manageable from the Admin Console. Some roles should also be introduced.
There will be 3 different roles in this first version:
Role / action | Create | Update | Read | Delete | Reset pwd | User Mngt |
---|---|---|---|---|---|---|
Admin | X | X | X | X | X | X |
Developer | X | X | X | X | X | |
Viewer | X |
An Admin can create a new user by providing a loginName. This will be possible through :
At creation, the user will have a default password, i.e. 123.
When logging in for the first time, the newly created user will be prompted to change his password.
If a user wants to reset his password, he has to request it manually (email, post pigeon ...) from an admin. The password will again be the default one and the user will have to change it again when logging in.
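The role table and the first-login rule above can be enforced together, as in the following sketch. It is an added example, not code from the Unified Push Server or PicketLink; the class and method names are hypothetical, and treating Viewer as read-only is an assumption.

```java
import java.util.EnumSet;
import java.util.Set;

public class UserManagementSketch {
    // Columns of the role table.
    enum Action { CREATE, UPDATE, READ, DELETE, RESET_PWD, USER_MNGT }

    // Rows of the role table. VIEWER as read-only is an assumption.
    enum Role {
        ADMIN(EnumSet.allOf(Action.class)),
        DEVELOPER(EnumSet.complementOf(EnumSet.of(Action.USER_MNGT))),
        VIEWER(EnumSet.of(Action.READ));

        final Set<Action> allowed;
        Role(Set<Action> allowed) { this.allowed = allowed; }
    }

    static final String DEFAULT_PASSWORD = "123"; // default named in the document

    static final class User {
        final String loginName;
        final Role role;
        boolean mustChangePassword = true; // new accounts start on the default password
        User(String loginName, Role role) { this.loginName = loginName; this.role = role; }
    }

    // Deny by default: an account still on the default password can do nothing
    // until changePassword() succeeds; after that the role table decides.
    static boolean isAllowed(User actor, Action action) {
        return !actor.mustChangePassword && actor.role.allowed.contains(action);
    }

    // Only a caller holding USER_MNGT may create accounts and assign roles.
    static User createUser(User actor, String loginName, Role role) {
        if (!isAllowed(actor, Action.USER_MNGT)) throw new SecurityException("user management denied");
        return new User(loginName, role);
    }

    // Hashing and storage are out of scope here; the default cannot be re-chosen.
    static void changePassword(User user, String newPassword) {
        if (newPassword == null || newPassword.isEmpty() || DEFAULT_PASSWORD.equals(newPassword))
            throw new IllegalArgumentException("new password must differ from the default");
        user.mustChangePassword = false;
    }

    public static void main(String[] args) {
        User admin = new User("admin", Role.ADMIN); // constructed sample users
        changePassword(admin, "a-long-passphrase");
        User dev = createUser(admin, "dev1", Role.DEVELOPER);
        System.out.println(isAllowed(dev, Action.READ)); // checked before dev1 changes password
        changePassword(dev, "another-passphrase");
        System.out.println(isAllowed(dev, Action.READ) + " " + isAllowed(dev, Action.USER_MNGT));
    }
}
```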
Currently, an authenticated user can see all the applications / variants / installations, whether or not he is the author. There is also no concept of groups; that may come in future releases.
Currently, it would be possible to implement this using Aerogear-Security-Picketlink and with some raw Picketlink :
secures annotation that can be used to protect the endpoints.
I know there are some concerns about these last points (Role escalation etc ...) and would like to have advice / feedback on what is acceptable / doable for the 0.10.0 release (15/01).