[security-dev] deleting a partition

Fri Jun 14 13:12:22 EDT 2013

I just don't think we should "automatically" do something like that. If you want to delete them, you can do it by yourself.

This is a critical thing. Not sure if we should do that internally, but just allow users to do it if they want.

You can query all u/r/g for a specific partition and delete them by yourself, using the Query API.

----- Original Message -----
From: "Bill Burke" <bburke at redhat.com>
To: "Pedro Igor Silva" <psilva at redhat.com>
Cc: security-dev at lists.jboss.org
Sent: Friday, June 14, 2013 2:02:32 PM
Subject: Re: [security-dev] deleting a partition

I don't agree. What's your reasoning?  At least in my case, because an 
Application is going to be a Partition, i'll need to have an operation 
somewhere that deletes the roles/role mappings somewhere.

On 6/14/2013 12:10 PM, Pedro Igor Silva wrote:
> IMO, we should not delete u/g/r and raise an exception instead. Telling the user that a partition can not be removed because of the associated data (u/r/g).
>
> If he wants to remove, he must remove first all related identity data.
>
> Btw, we were doing that before the last refactoring to the Partition API.
>
> ----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: security-dev at lists.jboss.org
> Sent: Friday, June 14, 2013 12:38:12 PM
> Subject: [security-dev] deleting a partition
>
> I'm looking at how to delete a partition and its not that simple.  Is
> this good enough?  First I delete all Agents, users, groups, and roles.
>    Relationships should be deleted too right?
>
>           List<AttributedType> toRemove = new ArrayList<AttributedType>();
>           {
>               IdentityQuery<IdentityType> query = new
> DefaultIdentityQuery(context, Agent.class, this);
>               List<IdentityType> resultSet = fetchQueryResults(context,
> query);
>               toRemove.addAll(resultSet);
>           }
>           {
>               IdentityQuery<IdentityType> query = new
> DefaultIdentityQuery(context, User.class, this);
>               List<IdentityType> resultSet = fetchQueryResults(context,
> query);
>               toRemove.addAll(resultSet);
>           }
>           {
>               IdentityQuery<IdentityType> query = new
> DefaultIdentityQuery(context, Group.class, this);
>               List<IdentityType> resultSet = fetchQueryResults(context,
> query);
>               toRemove.addAll(resultSet);
>           }
>           {
>               IdentityQuery<IdentityType> query = new
> DefaultIdentityQuery(context, Role.class, this);
>               List<IdentityType> resultSet = fetchQueryResults(context,
> query);
>               toRemove.addAll(resultSet);
>           }
>
> I do this all at the IdentityStore level, after this, I delete the
> partition entry using IdentityStore specific routines.
>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com