----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Pedro Igor Silva" <psilva(a)redhat.com>
Cc: security-dev(a)lists.jboss.org
Sent: Friday, June 14, 2013 3:29:06 PM
Subject: Re: [security-dev] deleting a partition
On 6/14/2013 2:19 PM, Pedro Igor Silva wrote:
> Ok, the reason is that this is a critical operation which involves removing
> critical data. That said, I don't think we should do that, like I said,
> "automatically".
>
But again, you give no reason :) Sure it's critical data, but everything
in the IDM is critical data.
I'm really trying to think of something else, with no success :).
Maybe to avoid mistakes and make sure the user knows what he is doing? :) And
considering that we provide a simple way to do that ...
> You can always use the following construct to query all identity
> types:
>
> IdentityQuery<IdentityType> query =
> identityManager.createIdentityQuery(IdentityType.class); // here we use
> the base type to create the query
>
> query.setParameter(IdentityType.PARTITION, Realm.DEFAULT_REALM); // or
> query.setParameter(IdentityType.PARTITION, "Another Partition")
>
> List<IdentityType> result = query.getResultList();
>
> for (IdentityType type: result) {
> // remove
> }
>
So, the above can be done at a higher level and not have to be done at
each IdentityStore? There's no potential for duplicate entries in a
federated store?
Yes, you can. U/R/G are unique for each Partition.
Btw, just added a new test case for that.
https://github.com/picketlink/picketlink/blob/master/modules/idm/tests/sr...
> I understand your point and it is valid. My opinion is just we
> should leave that for users.
>
Who is the user? The admin UI on top of Picketlink IDM API?
Considering your use case, yes.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
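The construct Pedro posted above, turned into a helper that an admin layer could call explicitly rather than the IDM doing it "automatically". This is an added example, not code from the thread or from the PicketLink project: it reuses the query calls shown in the message (createIdentityQuery, setParameter with IdentityType.PARTITION, getResultList), and it assumes an IdentityManager.remove(IdentityType) method and the org.picketlink.idm package layout of the time; the dry-run flag and the PartitionCleanup class name are my own additions. Because the thread states that users, roles and groups are unique per partition, the loop does not need to guard against duplicate entries from a federated store.

```java
import java.util.List;

import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Partition;
import org.picketlink.idm.query.IdentityQuery;

/**
 * Added example (not PicketLink project code): removes every identity type
 * stored in one partition, but only when the caller has explicitly confirmed
 * the operation. The identityManager.remove(IdentityType) call and the exact
 * package names are assumptions about the PicketLink IDM API of that time.
 */
public final class PartitionCleanup {

    private final IdentityManager identityManager;

    public PartitionCleanup(IdentityManager identityManager) {
        this.identityManager = identityManager;
    }

    /**
     * Deletes all users, roles and groups of the given partition.
     *
     * @param partition the partition to empty (e.g. Realm.DEFAULT_REALM)
     * @param confirmed must be true to actually delete; false makes this a
     *                  dry run that only reports how many entries would go
     * @return number of identity types removed (or counted, in a dry run)
     */
    public int removeAllIdentityTypes(Partition partition, boolean confirmed) {
        // Query against the base type so users, roles and groups all match,
        // exactly as in the construct posted in the thread.
        IdentityQuery<IdentityType> query =
                identityManager.createIdentityQuery(IdentityType.class);
        query.setParameter(IdentityType.PARTITION, partition);

        List<IdentityType> result = query.getResultList();

        if (!confirmed) {
            // Dry run: let the admin see the blast radius before committing.
            return result.size();
        }

        int removed = 0;
        for (IdentityType type : result) {
            // Assumed API: IdentityManager.remove(IdentityType)
            identityManager.remove(type);
            removed++;
        }
        return removed;
    }
}
```

The two-step shape (count first, delete only on an explicit confirmed=true) is the "make sure the user knows what he is doing" point from the thread expressed in code: the IDM API stays a plain building block, and the admin UI on top of it owns the decision and the confirmation.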